Action not permitted
Modal body text goes here.
cve-2009-3563
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:31:10.550Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "VU#568372", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/568372" }, { "name": "38832", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://secunia.com/advisories/38832" }, { "tags": [ "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "name": "oval:org.mitre.oval:def:11225", "tags": [ "vdb-entry", "signature", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225" }, { "tags": [ "x_transferred" ], "url": "http://support.avaya.com/css/P8/documents/100071808" }, { "name": "38794", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://secunia.com/advisories/38794" }, { "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "tags": [ "mailing-list", "x_transferred" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "name": "FEDORA-2009-13121", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html" }, { "tags": [ "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213" }, { "name": "38764", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://secunia.com/advisories/38764" }, { "tags": [ "x_transferred" ], "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode" }, { "tags": [ "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J" }, { "name": "oval:org.mitre.oval:def:19376", "tags": [ "vdb-entry", "signature", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376" }, { "name": "37255", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37255" }, { "name": "SSRT101144", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2" }, { "name": "39593", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://secunia.com/advisories/39593" }, { "name": "IZ71047", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047" }, { "name": "ADV-2010-0993", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0993" }, { "name": "DSA-1948", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1948" }, { "tags": [ "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074" }, { "tags": [ "x_transferred" ], "url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc" }, { "name": "HPSBUX02639", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2" }, { "name": "1021781", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1" }, { "name": "IZ68659", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659" }, { "name": "SSRT100293", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2" }, { "tags": [ "x_transferred" ], "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331" }, { "name": "oval:org.mitre.oval:def:7076", "tags": [ "vdb-entry", "signature", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076" }, { "name": "37922", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://secunia.com/advisories/37922" }, { "name": "NetBSD-SA2010-005", "tags": [ "vendor-advisory", "x_transferred" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc" }, { "name": "38834", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://secunia.com/advisories/38834" }, { "name": "FEDORA-2009-13090", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html" }, { "tags": [ "x_transferred" ], "url": "http://security-tracker.debian.org/tracker/CVE-2009-3563" }, { "name": "1023298", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://securitytracker.com/id?1023298" }, { "name": "oval:org.mitre.oval:def:12141", "tags": [ "vdb-entry", "signature", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141" }, { "name": "RHSA-2009:1651", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html" }, { "name": "37629", "tags": [ "third-party-advisory", "x_transferred" ], "url": "http://secunia.com/advisories/37629" }, { "name": "RHSA-2010:0095", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "tags": [ "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691" }, { "name": "HPSBUX02859", "tags": [ "vendor-advisory", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2" }, { "name": "[announce] 20091208 NTP 4.2.4p8 Released", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html" }, { "name": "ADV-2010-0510", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0510" }, { "name": "RHSA-2009:1648", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html" }, { "tags": [ "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7" }, { "name": "ADV-2010-0528", "tags": [ "vdb-entry", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/0528" }, { "name": "VU#417980", "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/417980" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-12-08T00:00:00", "descriptions": [ { "lang": "en", "value": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-19T21:06:04.060505", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "VU#568372", "tags": [ "third-party-advisory" ], "url": "http://www.kb.cert.org/vuls/id/568372" }, { "name": "38832", "tags": [ "third-party-advisory" ], "url": "http://secunia.com/advisories/38832" }, { "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "name": "oval:org.mitre.oval:def:11225", "tags": [ "vdb-entry", "signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225" }, { "url": "http://support.avaya.com/css/P8/documents/100071808" }, { "name": "38794", "tags": [ "third-party-advisory" ], "url": "http://secunia.com/advisories/38794" }, { "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "tags": [ "mailing-list" ], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "name": "FEDORA-2009-13121", "tags": [ "vendor-advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213" }, { "name": "38764", "tags": [ "third-party-advisory" ], "url": "http://secunia.com/advisories/38764" }, { "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode" }, { "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J" }, { "name": "oval:org.mitre.oval:def:19376", "tags": [ "vdb-entry", "signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376" }, { "name": "37255", "tags": [ "vdb-entry" ], "url": "http://www.securityfocus.com/bid/37255" }, { "name": "SSRT101144", "tags": [ "vendor-advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2" }, { "name": "39593", "tags": [ "third-party-advisory" ], "url": "http://secunia.com/advisories/39593" }, { "name": "IZ71047", "tags": [ "vendor-advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047" }, { "name": "ADV-2010-0993", "tags": [ "vdb-entry" ], "url": "http://www.vupen.com/english/advisories/2010/0993" }, { "name": "DSA-1948", "tags": [ "vendor-advisory" ], "url": "http://www.debian.org/security/2009/dsa-1948" }, { "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074" }, { "url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc" }, { "name": "HPSBUX02639", "tags": [ "vendor-advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2" }, { "name": "1021781", "tags": [ "vendor-advisory" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1" }, { "name": "IZ68659", "tags": [ "vendor-advisory" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659" }, { "name": "SSRT100293", "tags": [ "vendor-advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2" }, { "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331" }, { "name": "oval:org.mitre.oval:def:7076", "tags": [ "vdb-entry", "signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076" }, { "name": "37922", "tags": [ "third-party-advisory" ], "url": "http://secunia.com/advisories/37922" }, { "name": "NetBSD-SA2010-005", "tags": [ "vendor-advisory" ], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc" }, { "name": "38834", "tags": [ "third-party-advisory" ], "url": "http://secunia.com/advisories/38834" }, { "name": "FEDORA-2009-13090", "tags": [ "vendor-advisory" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html" }, { "url": "http://security-tracker.debian.org/tracker/CVE-2009-3563" }, { "name": "1023298", "tags": [ "vdb-entry" ], "url": "http://securitytracker.com/id?1023298" }, { "name": "oval:org.mitre.oval:def:12141", "tags": [ "vdb-entry", "signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141" }, { "name": "RHSA-2009:1651", "tags": [ "vendor-advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html" }, { "name": "37629", "tags": [ "third-party-advisory" ], "url": "http://secunia.com/advisories/37629" }, { "name": "RHSA-2010:0095", "tags": [ "vendor-advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691" }, { "name": "HPSBUX02859", "tags": [ "vendor-advisory" ], "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2" }, { "name": "[announce] 20091208 NTP 4.2.4p8 Released", "tags": [ "mailing-list" ], "url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html" }, { "name": "ADV-2010-0510", "tags": [ "vdb-entry" ], "url": "http://www.vupen.com/english/advisories/2010/0510" }, { "name": "RHSA-2009:1648", "tags": [ "vendor-advisory" ], "url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html" }, { "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7" }, { "name": "ADV-2010-0528", "tags": [ "vdb-entry" ], "url": "http://www.vupen.com/english/advisories/2010/0528" }, { "name": "VU#417980", "tags": [ "third-party-advisory" ], "url": "https://www.kb.cert.org/vuls/id/417980" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-3563", "datePublished": "2009-12-09T00:00:00", "dateReserved": "2009-10-05T00:00:00", "dateUpdated": "2024-08-07T06:31:10.550Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2009-3563\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-12-09T18:30:00.390\",\"lastModified\":\"2024-03-19T21:15:07.173\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.\"},{\"lang\":\"es\",\"value\":\"ntp_request.c en ntpd en NTP anterior v4.2.4p8, y v4.2.5, permite a atacantes remotos causar una denegaci\u00f3n de servicio (consumo de CPU y ancho de banda) por uso de MODE_PRIVATE para enviar una suplantaci\u00f3n de (1) petici\u00f3n o (2) paquete respueta lo que lanza continuo intercambio de errores de respuesta MODE_PRIVATE entre dos demonios NTP.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.4},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.2.2p4\",\"matchCriteriaId\":\"73B1FD64-D156-45BC-9713-77E163DF731C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25AB2D70-2807-4970-ACD3-9B4751A1F9D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06C78C19-5A09-4883-8144-AE861A244FEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"437C8BA8-F437-4166-838D-EDC64E7A67DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"104AEC97-3C2A-48D2-BA63-08502F88F8D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87D67E30-E303-4F79-9929-4A5B587FCDB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B9BD95B5-322C-4CDC-A2DB-A06D4DA3B104\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0BD63969-D18D-41AF-9814-DA1A207BDE80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EAD8958-173A-4FCC-9420-A148BA5F73E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B271F6AD-D829-4671-8FA7-7D921364B426\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C25E03A8-46B5-4AC7-8506-4C255D7CC400\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C76CD53-CC9F-491A-952F-9A82D6E20058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E749D64E-5C47-4A34-9F3C-1D34F8348058\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE0C9CBB-D52F-4F7C-B343-E685A3996BC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB90A3FB-B107-46CF-A846-48EE0EDF637A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"088BFFA4-1AAB-4699-9793-F731A81B296A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3475779-383A-4128-9145-474EC08030FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"782BAA3D-A639-4B25-83F0-741074C88D7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF367FA4-2C7F-4040-89DE-8A97A069A802\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01D11498-3FC4-4890-9B10-BBA74A01C9E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ntp:ntp:4.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35C2B888-66D6-45D3-97E3-C711B1C6971A\"}]}]}],\"references\":[{\"url\":\"ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2010/000082.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/37629\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/37922\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38764\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38794\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38832\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/38834\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/39593\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security-tracker.debian.org/tracker/CVE-2009-3563\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/id?1023298\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.avaya.com/css/P8/documents/100071808\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2009/dsa-1948\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/568372\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/MAPG-7X7V6J\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/MAPG-7X7VD7\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/37255\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0510\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0528\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2010/0993\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=531213\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.ntp.org/pipermail/announce/2009-December/000086.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-1648.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2009-1651.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://rhn.redhat.com/errata/RHSA-2010-0095.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.ntp.org/bugs/show_bug.cgi?id=1331\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.kb.cert.org/vuls/id/417980\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html\",\"source\":\"cve@mitre.org\"}]}}" } }
rhsa-2009_1648
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated ntp package that fixes a security issue is now available for Red\nHat Enterprise Linux 4 and 5.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "The Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith a referenced time source.\n\nRobin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled\ncertain malformed NTP packets. ntpd logged information about all such\npackets and replied with an NTP packet that was treated as malformed when\nreceived by another ntpd. A remote attacker could use this flaw to create\nan NTP packet reply loop between two ntpd servers via a malformed packet\nwith a spoofed source IP address and port, causing ntpd on those servers to\nuse excessive amounts of CPU time and fill disk space with log messages.\n(CVE-2009-3563)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains a backported patch to resolve this issue. After installing the\nupdate, the ntpd daemon will restart automatically.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1648", "url": "https://access.redhat.com/errata/RHSA-2009:1648" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "531213", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1648.json" } ], "title": "Red Hat Security Advisory: ntp security update", "tracking": { "current_release_date": "2024-11-22T03:08:13+00:00", "generator": { "date": "2024-11-22T03:08:13+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1648", "initial_release_date": "2009-12-08T19:29:00+00:00", "revision_history": [ { "date": "2009-12-08T19:29:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-12-08T14:33:41+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:08:13+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4", "product": { "name": "Red Hat Enterprise Linux AS version 4", "product_id": "4AS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::as" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop version 4", "product": { "name": "Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::desktop" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4", "product": { "name": "Red Hat Enterprise Linux ES version 4", "product_id": "4ES", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::es" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 4", "product": { "name": "Red Hat Enterprise Linux WS version 4", "product_id": "4WS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:4::ws" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product": { "name": "Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux (v. 5 server)", "product": { "name": "Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:5::server" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "product": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "product_id": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.2.0.a.20040617-8.el4_8.1?arch=ia64" } } }, { "category": "product_version", "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "product": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "product_id": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.0.a.20040617-8.el4_8.1?arch=ia64" } } }, { "category": "product_version", "name": "ntp-0:4.2.2p1-9.el5_4.1.ia64", "product": { "name": "ntp-0:4.2.2p1-9.el5_4.1.ia64", "product_id": "ntp-0:4.2.2p1-9.el5_4.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.2.2p1-9.el5_4.1?arch=ia64" } } }, { "category": "product_version", "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64", "product": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64", "product_id": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.2p1-9.el5_4.1?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "product": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "product_id": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.2.0.a.20040617-8.el4_8.1?arch=src" } } }, { "category": "product_version", "name": "ntp-0:4.2.2p1-9.el5_4.1.src", "product": { "name": "ntp-0:4.2.2p1-9.el5_4.1.src", "product_id": "ntp-0:4.2.2p1-9.el5_4.1.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.2.2p1-9.el5_4.1?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "product": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "product_id": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.2.0.a.20040617-8.el4_8.1?arch=x86_64" } } }, { "category": "product_version", "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "product": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "product_id": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.0.a.20040617-8.el4_8.1?arch=x86_64" } } }, { "category": "product_version", "name": "ntp-0:4.2.2p1-9.el5_4.1.x86_64", "product": { "name": "ntp-0:4.2.2p1-9.el5_4.1.x86_64", "product_id": "ntp-0:4.2.2p1-9.el5_4.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.2.2p1-9.el5_4.1?arch=x86_64" } } }, { "category": "product_version", "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64", "product": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64", "product_id": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.2p1-9.el5_4.1?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "product": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "product_id": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.2.0.a.20040617-8.el4_8.1?arch=i386" } } }, { "category": "product_version", "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "product": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "product_id": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.0.a.20040617-8.el4_8.1?arch=i386" } } }, { "category": "product_version", "name": "ntp-0:4.2.2p1-9.el5_4.1.i386", "product": { "name": "ntp-0:4.2.2p1-9.el5_4.1.i386", "product_id": "ntp-0:4.2.2p1-9.el5_4.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.2.2p1-9.el5_4.1?arch=i386" } } }, { "category": "product_version", "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386", "product": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386", "product_id": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.2p1-9.el5_4.1?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "product": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "product_id": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.2.0.a.20040617-8.el4_8.1?arch=ppc" } } }, { "category": "product_version", "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "product": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "product_id": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.0.a.20040617-8.el4_8.1?arch=ppc" } } }, { "category": "product_version", "name": "ntp-0:4.2.2p1-9.el5_4.1.ppc", "product": { "name": "ntp-0:4.2.2p1-9.el5_4.1.ppc", "product_id": "ntp-0:4.2.2p1-9.el5_4.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.2.2p1-9.el5_4.1?arch=ppc" } } }, { "category": "product_version", "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc", "product": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc", "product_id": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.2p1-9.el5_4.1?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "product": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "product_id": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.2.0.a.20040617-8.el4_8.1?arch=s390x" } } }, { "category": "product_version", "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "product": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "product_id": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.0.a.20040617-8.el4_8.1?arch=s390x" } } }, { "category": "product_version", "name": "ntp-0:4.2.2p1-9.el5_4.1.s390x", "product": { "name": "ntp-0:4.2.2p1-9.el5_4.1.s390x", "product_id": "ntp-0:4.2.2p1-9.el5_4.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.2.2p1-9.el5_4.1?arch=s390x" } } }, { "category": "product_version", "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x", "product": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x", "product_id": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.2p1-9.el5_4.1?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "product": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "product_id": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.2.0.a.20040617-8.el4_8.1?arch=s390" } } }, { "category": "product_version", "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "product": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "product_id": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.2.0.a.20040617-8.el4_8.1?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux AS version 4", "product_id": "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "relates_to_product_reference": "4AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.src" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4", "product_id": "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "relates_to_product_reference": "4Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.src" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux ES version 4", "product_id": "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "relates_to_product_reference": "4ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64" }, "product_reference": "ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64 as a component of Red Hat Enterprise Linux WS version 4", "product_id": "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64" }, "product_reference": "ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "relates_to_product_reference": "4WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.2p1-9.el5_4.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:ntp-0:4.2.2p1-9.el5_4.1.i386" }, "product_reference": "ntp-0:4.2.2p1-9.el5_4.1.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.2p1-9.el5_4.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:ntp-0:4.2.2p1-9.el5_4.1.ia64" }, "product_reference": "ntp-0:4.2.2p1-9.el5_4.1.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.2p1-9.el5_4.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:ntp-0:4.2.2p1-9.el5_4.1.ppc" }, "product_reference": "ntp-0:4.2.2p1-9.el5_4.1.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.2p1-9.el5_4.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:ntp-0:4.2.2p1-9.el5_4.1.s390x" }, "product_reference": "ntp-0:4.2.2p1-9.el5_4.1.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.2p1-9.el5_4.1.src as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:ntp-0:4.2.2p1-9.el5_4.1.src" }, "product_reference": "ntp-0:4.2.2p1-9.el5_4.1.src", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.2p1-9.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:ntp-0:4.2.2p1-9.el5_4.1.x86_64" }, "product_reference": "ntp-0:4.2.2p1-9.el5_4.1.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386" }, "product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64" }, "product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc" }, "product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x" }, "product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux Desktop (v. 5 client)", "product_id": "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64" }, "product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64", "relates_to_product_reference": "5Client" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.2p1-9.el5_4.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:ntp-0:4.2.2p1-9.el5_4.1.i386" }, "product_reference": "ntp-0:4.2.2p1-9.el5_4.1.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.2p1-9.el5_4.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:ntp-0:4.2.2p1-9.el5_4.1.ia64" }, "product_reference": "ntp-0:4.2.2p1-9.el5_4.1.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.2p1-9.el5_4.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:ntp-0:4.2.2p1-9.el5_4.1.ppc" }, "product_reference": "ntp-0:4.2.2p1-9.el5_4.1.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.2p1-9.el5_4.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:ntp-0:4.2.2p1-9.el5_4.1.s390x" }, "product_reference": "ntp-0:4.2.2p1-9.el5_4.1.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.2p1-9.el5_4.1.src as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:ntp-0:4.2.2p1-9.el5_4.1.src" }, "product_reference": "ntp-0:4.2.2p1-9.el5_4.1.src", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.2.2p1-9.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:ntp-0:4.2.2p1-9.el5_4.1.x86_64" }, "product_reference": "ntp-0:4.2.2p1-9.el5_4.1.x86_64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386" }, "product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64" }, "product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc" }, "product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x" }, "product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x", "relates_to_product_reference": "5Server" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64 as a component of Red Hat Enterprise Linux (v. 5 server)", "product_id": "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64" }, "product_reference": "ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64", "relates_to_product_reference": "5Server" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-3563", "discovery_date": "2009-10-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "531213" } ], "notes": [ { "category": "description", "text": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.", "title": "Vulnerability description" }, { "category": "summary", "text": "ntpd: DoS with mode 7 packets (VU#568372)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "5Client:ntp-0:4.2.2p1-9.el5_4.1.i386", "5Client:ntp-0:4.2.2p1-9.el5_4.1.ia64", "5Client:ntp-0:4.2.2p1-9.el5_4.1.ppc", "5Client:ntp-0:4.2.2p1-9.el5_4.1.s390x", "5Client:ntp-0:4.2.2p1-9.el5_4.1.src", "5Client:ntp-0:4.2.2p1-9.el5_4.1.x86_64", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64", "5Server:ntp-0:4.2.2p1-9.el5_4.1.i386", "5Server:ntp-0:4.2.2p1-9.el5_4.1.ia64", "5Server:ntp-0:4.2.2p1-9.el5_4.1.ppc", "5Server:ntp-0:4.2.2p1-9.el5_4.1.s390x", "5Server:ntp-0:4.2.2p1-9.el5_4.1.src", "5Server:ntp-0:4.2.2p1-9.el5_4.1.x86_64", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3563" }, { "category": "external", "summary": "RHBZ#531213", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3563", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3563", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3563" } ], "release_date": "2009-12-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-12-08T19:29:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "5Client:ntp-0:4.2.2p1-9.el5_4.1.i386", "5Client:ntp-0:4.2.2p1-9.el5_4.1.ia64", "5Client:ntp-0:4.2.2p1-9.el5_4.1.ppc", "5Client:ntp-0:4.2.2p1-9.el5_4.1.s390x", "5Client:ntp-0:4.2.2p1-9.el5_4.1.src", "5Client:ntp-0:4.2.2p1-9.el5_4.1.x86_64", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64", "5Server:ntp-0:4.2.2p1-9.el5_4.1.i386", "5Server:ntp-0:4.2.2p1-9.el5_4.1.ia64", "5Server:ntp-0:4.2.2p1-9.el5_4.1.ppc", "5Server:ntp-0:4.2.2p1-9.el5_4.1.s390x", "5Server:ntp-0:4.2.2p1-9.el5_4.1.src", "5Server:ntp-0:4.2.2p1-9.el5_4.1.x86_64", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1648" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "4AS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4AS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "4Desktop:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4Desktop:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "4ES:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4ES:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.i386", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.src", "4WS:ntp-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.i386", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ia64", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.ppc", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.s390x", "4WS:ntp-debuginfo-0:4.2.0.a.20040617-8.el4_8.1.x86_64", "5Client:ntp-0:4.2.2p1-9.el5_4.1.i386", "5Client:ntp-0:4.2.2p1-9.el5_4.1.ia64", "5Client:ntp-0:4.2.2p1-9.el5_4.1.ppc", "5Client:ntp-0:4.2.2p1-9.el5_4.1.s390x", "5Client:ntp-0:4.2.2p1-9.el5_4.1.src", "5Client:ntp-0:4.2.2p1-9.el5_4.1.x86_64", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x", "5Client:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64", "5Server:ntp-0:4.2.2p1-9.el5_4.1.i386", "5Server:ntp-0:4.2.2p1-9.el5_4.1.ia64", "5Server:ntp-0:4.2.2p1-9.el5_4.1.ppc", "5Server:ntp-0:4.2.2p1-9.el5_4.1.s390x", "5Server:ntp-0:4.2.2p1-9.el5_4.1.src", "5Server:ntp-0:4.2.2p1-9.el5_4.1.x86_64", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.i386", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ia64", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.ppc", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.s390x", "5Server:ntp-debuginfo-0:4.2.2p1-9.el5_4.1.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ntpd: DoS with mode 7 packets (VU#568372)" } ] }
rhsa-2009_1651
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An updated ntp package that fixes two security issues is now available for\nRed Hat Enterprise Linux 3.\n\nThis update has been rated as having moderate security impact by the Red\nHat Security Response Team.", "title": "Topic" }, { "category": "general", "text": "The Network Time Protocol (NTP) is used to synchronize a computer\u0027s time\nwith a referenced time source.\n\nRobin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled\ncertain malformed NTP packets. ntpd logged information about all such\npackets and replied with an NTP packet that was treated as malformed when\nreceived by another ntpd. A remote attacker could use this flaw to create\nan NTP packet reply loop between two ntpd servers via a malformed packet\nwith a spoofed source IP address and port, causing ntpd on those servers to\nuse excessive amounts of CPU time and fill disk space with log messages.\n(CVE-2009-3563)\n\nA buffer overflow flaw was found in the ntpq diagnostic command. A\nmalicious, remote server could send a specially-crafted reply to an ntpq\nrequest that could crash ntpq or, potentially, execute arbitrary code with\nthe privileges of the user running the ntpq command. (CVE-2009-0159)\n\nAll ntp users are advised to upgrade to this updated package, which\ncontains backported patches to resolve these issues. After installing the\nupdate, the ntpd daemon will restart automatically.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2009:1651", "url": "https://access.redhat.com/errata/RHSA-2009:1651" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "490617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490617" }, { "category": "external", "summary": "531213", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1651.json" } ], "title": "Red Hat Security Advisory: ntp security update", "tracking": { "current_release_date": "2024-11-22T03:08:17+00:00", "generator": { "date": "2024-11-22T03:08:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2009:1651", "initial_release_date": "2009-12-08T19:42:00+00:00", "revision_history": [ { "date": "2009-12-08T19:42:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2009-12-08T14:50:43+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T03:08:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 3", "product": { "name": "Red Hat Enterprise Linux AS version 3", "product_id": "3AS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:3::as" } } }, { "category": "product_name", "name": "Red Hat Desktop version 3", "product": { "name": "Red Hat Desktop version 3", "product_id": "3Desktop", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:3::desktop" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 3", "product": { "name": "Red Hat Enterprise Linux ES version 3", "product_id": "3ES", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:3::es" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 3", "product": { "name": "Red Hat Enterprise Linux WS version 3", "product_id": "3WS", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:3::ws" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "ntp-debuginfo-0:4.1.2-6.el3.ia64", "product": { "name": "ntp-debuginfo-0:4.1.2-6.el3.ia64", "product_id": "ntp-debuginfo-0:4.1.2-6.el3.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.1.2-6.el3?arch=ia64" } } }, { "category": "product_version", "name": "ntp-0:4.1.2-6.el3.ia64", "product": { "name": "ntp-0:4.1.2-6.el3.ia64", "product_id": "ntp-0:4.1.2-6.el3.ia64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.1.2-6.el3?arch=ia64" } } } ], "category": "architecture", "name": "ia64" }, { "branches": [ { "category": "product_version", "name": "ntp-debuginfo-0:4.1.2-6.el3.x86_64", "product": { "name": "ntp-debuginfo-0:4.1.2-6.el3.x86_64", "product_id": "ntp-debuginfo-0:4.1.2-6.el3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.1.2-6.el3?arch=x86_64" } } }, { "category": "product_version", "name": "ntp-0:4.1.2-6.el3.x86_64", "product": { "name": "ntp-0:4.1.2-6.el3.x86_64", "product_id": "ntp-0:4.1.2-6.el3.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.1.2-6.el3?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "ntp-debuginfo-0:4.1.2-6.el3.i386", "product": { "name": "ntp-debuginfo-0:4.1.2-6.el3.i386", "product_id": "ntp-debuginfo-0:4.1.2-6.el3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.1.2-6.el3?arch=i386" } } }, { "category": "product_version", "name": "ntp-0:4.1.2-6.el3.i386", "product": { "name": "ntp-0:4.1.2-6.el3.i386", "product_id": "ntp-0:4.1.2-6.el3.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.1.2-6.el3?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "ntp-0:4.1.2-6.el3.src", "product": { "name": "ntp-0:4.1.2-6.el3.src", "product_id": "ntp-0:4.1.2-6.el3.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.1.2-6.el3?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "ntp-debuginfo-0:4.1.2-6.el3.ppc", "product": { "name": "ntp-debuginfo-0:4.1.2-6.el3.ppc", "product_id": "ntp-debuginfo-0:4.1.2-6.el3.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.1.2-6.el3?arch=ppc" } } }, { "category": "product_version", "name": "ntp-0:4.1.2-6.el3.ppc", "product": { "name": "ntp-0:4.1.2-6.el3.ppc", "product_id": "ntp-0:4.1.2-6.el3.ppc", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.1.2-6.el3?arch=ppc" } } } ], "category": "architecture", "name": "ppc" }, { "branches": [ { "category": "product_version", "name": "ntp-debuginfo-0:4.1.2-6.el3.s390x", "product": { "name": "ntp-debuginfo-0:4.1.2-6.el3.s390x", "product_id": "ntp-debuginfo-0:4.1.2-6.el3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.1.2-6.el3?arch=s390x" } } }, { "category": "product_version", "name": "ntp-0:4.1.2-6.el3.s390x", "product": { "name": "ntp-0:4.1.2-6.el3.s390x", "product_id": "ntp-0:4.1.2-6.el3.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.1.2-6.el3?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "ntp-debuginfo-0:4.1.2-6.el3.s390", "product": { "name": "ntp-debuginfo-0:4.1.2-6.el3.s390", "product_id": "ntp-debuginfo-0:4.1.2-6.el3.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp-debuginfo@4.1.2-6.el3?arch=s390" } } }, { "category": "product_version", "name": "ntp-0:4.1.2-6.el3.s390", "product": { "name": "ntp-0:4.1.2-6.el3.s390", "product_id": "ntp-0:4.1.2-6.el3.s390", "product_identification_helper": { "purl": "pkg:rpm/redhat/ntp@4.1.2-6.el3?arch=s390" } } } ], "category": "architecture", "name": "s390" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.i386 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:ntp-0:4.1.2-6.el3.i386" }, "product_reference": "ntp-0:4.1.2-6.el3.i386", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.ia64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:ntp-0:4.1.2-6.el3.ia64" }, "product_reference": "ntp-0:4.1.2-6.el3.ia64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.ppc as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:ntp-0:4.1.2-6.el3.ppc" }, "product_reference": "ntp-0:4.1.2-6.el3.ppc", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.s390 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:ntp-0:4.1.2-6.el3.s390" }, "product_reference": "ntp-0:4.1.2-6.el3.s390", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.s390x as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:ntp-0:4.1.2-6.el3.s390x" }, "product_reference": "ntp-0:4.1.2-6.el3.s390x", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.src as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:ntp-0:4.1.2-6.el3.src" }, "product_reference": "ntp-0:4.1.2-6.el3.src", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.x86_64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:ntp-0:4.1.2-6.el3.x86_64" }, "product_reference": "ntp-0:4.1.2-6.el3.x86_64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.i386 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:ntp-debuginfo-0:4.1.2-6.el3.i386" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.i386", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.ia64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ia64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.ppc as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ppc", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.s390 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.s390x as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390x", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.x86_64 as a component of Red Hat Enterprise Linux AS version 3", "product_id": "3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.x86_64", "relates_to_product_reference": "3AS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.i386 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:ntp-0:4.1.2-6.el3.i386" }, "product_reference": "ntp-0:4.1.2-6.el3.i386", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.ia64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:ntp-0:4.1.2-6.el3.ia64" }, "product_reference": "ntp-0:4.1.2-6.el3.ia64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.ppc as a component of Red Hat Desktop version 3", "product_id": "3Desktop:ntp-0:4.1.2-6.el3.ppc" }, "product_reference": "ntp-0:4.1.2-6.el3.ppc", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.s390 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:ntp-0:4.1.2-6.el3.s390" }, "product_reference": "ntp-0:4.1.2-6.el3.s390", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.s390x as a component of Red Hat Desktop version 3", "product_id": "3Desktop:ntp-0:4.1.2-6.el3.s390x" }, "product_reference": "ntp-0:4.1.2-6.el3.s390x", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.src as a component of Red Hat Desktop version 3", "product_id": "3Desktop:ntp-0:4.1.2-6.el3.src" }, "product_reference": "ntp-0:4.1.2-6.el3.src", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.x86_64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:ntp-0:4.1.2-6.el3.x86_64" }, "product_reference": "ntp-0:4.1.2-6.el3.x86_64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.i386 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.i386", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.ia64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ia64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.ppc as a component of Red Hat Desktop version 3", "product_id": "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ppc", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.s390 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.s390x as a component of Red Hat Desktop version 3", "product_id": "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390x", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.x86_64 as a component of Red Hat Desktop version 3", "product_id": "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.x86_64", "relates_to_product_reference": "3Desktop" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.i386 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:ntp-0:4.1.2-6.el3.i386" }, "product_reference": "ntp-0:4.1.2-6.el3.i386", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.ia64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:ntp-0:4.1.2-6.el3.ia64" }, "product_reference": "ntp-0:4.1.2-6.el3.ia64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.ppc as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:ntp-0:4.1.2-6.el3.ppc" }, "product_reference": "ntp-0:4.1.2-6.el3.ppc", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.s390 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:ntp-0:4.1.2-6.el3.s390" }, "product_reference": "ntp-0:4.1.2-6.el3.s390", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.s390x as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:ntp-0:4.1.2-6.el3.s390x" }, "product_reference": "ntp-0:4.1.2-6.el3.s390x", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.src as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:ntp-0:4.1.2-6.el3.src" }, "product_reference": "ntp-0:4.1.2-6.el3.src", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.x86_64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:ntp-0:4.1.2-6.el3.x86_64" }, "product_reference": "ntp-0:4.1.2-6.el3.x86_64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.i386 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:ntp-debuginfo-0:4.1.2-6.el3.i386" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.i386", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.ia64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ia64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.ppc as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ppc", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.s390 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.s390x as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390x", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.x86_64 as a component of Red Hat Enterprise Linux ES version 3", "product_id": "3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.x86_64", "relates_to_product_reference": "3ES" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.i386 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:ntp-0:4.1.2-6.el3.i386" }, "product_reference": "ntp-0:4.1.2-6.el3.i386", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.ia64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:ntp-0:4.1.2-6.el3.ia64" }, "product_reference": "ntp-0:4.1.2-6.el3.ia64", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.ppc as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:ntp-0:4.1.2-6.el3.ppc" }, "product_reference": "ntp-0:4.1.2-6.el3.ppc", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.s390 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:ntp-0:4.1.2-6.el3.s390" }, "product_reference": "ntp-0:4.1.2-6.el3.s390", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.s390x as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:ntp-0:4.1.2-6.el3.s390x" }, "product_reference": "ntp-0:4.1.2-6.el3.s390x", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.src as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:ntp-0:4.1.2-6.el3.src" }, "product_reference": "ntp-0:4.1.2-6.el3.src", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-0:4.1.2-6.el3.x86_64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:ntp-0:4.1.2-6.el3.x86_64" }, "product_reference": "ntp-0:4.1.2-6.el3.x86_64", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.i386 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:ntp-debuginfo-0:4.1.2-6.el3.i386" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.i386", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.ia64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ia64", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.ppc as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.ppc", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.s390 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.s390x as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.s390x", "relates_to_product_reference": "3WS" }, { "category": "default_component_of", "full_product_name": { "name": "ntp-debuginfo-0:4.1.2-6.el3.x86_64 as a component of Red Hat Enterprise Linux WS version 3", "product_id": "3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64" }, "product_reference": "ntp-debuginfo-0:4.1.2-6.el3.x86_64", "relates_to_product_reference": "3WS" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-0159", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "discovery_date": "2009-03-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "490617" } ], "notes": [ { "category": "description", "text": "Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c in ntpq in NTP before 4.2.4p7-RC2 allows remote NTP servers to execute arbitrary code via a crafted response.", "title": "Vulnerability description" }, { "category": "summary", "text": "ntp: buffer overflow in ntpq", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "3AS:ntp-0:4.1.2-6.el3.i386", "3AS:ntp-0:4.1.2-6.el3.ia64", "3AS:ntp-0:4.1.2-6.el3.ppc", "3AS:ntp-0:4.1.2-6.el3.s390", "3AS:ntp-0:4.1.2-6.el3.s390x", "3AS:ntp-0:4.1.2-6.el3.src", "3AS:ntp-0:4.1.2-6.el3.x86_64", "3AS:ntp-debuginfo-0:4.1.2-6.el3.i386", "3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390", "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3Desktop:ntp-0:4.1.2-6.el3.i386", "3Desktop:ntp-0:4.1.2-6.el3.ia64", "3Desktop:ntp-0:4.1.2-6.el3.ppc", "3Desktop:ntp-0:4.1.2-6.el3.s390", "3Desktop:ntp-0:4.1.2-6.el3.s390x", "3Desktop:ntp-0:4.1.2-6.el3.src", "3Desktop:ntp-0:4.1.2-6.el3.x86_64", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3ES:ntp-0:4.1.2-6.el3.i386", "3ES:ntp-0:4.1.2-6.el3.ia64", "3ES:ntp-0:4.1.2-6.el3.ppc", "3ES:ntp-0:4.1.2-6.el3.s390", "3ES:ntp-0:4.1.2-6.el3.s390x", "3ES:ntp-0:4.1.2-6.el3.src", "3ES:ntp-0:4.1.2-6.el3.x86_64", "3ES:ntp-debuginfo-0:4.1.2-6.el3.i386", "3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390", "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3WS:ntp-0:4.1.2-6.el3.i386", "3WS:ntp-0:4.1.2-6.el3.ia64", "3WS:ntp-0:4.1.2-6.el3.ppc", "3WS:ntp-0:4.1.2-6.el3.s390", "3WS:ntp-0:4.1.2-6.el3.s390x", "3WS:ntp-0:4.1.2-6.el3.src", "3WS:ntp-0:4.1.2-6.el3.x86_64", "3WS:ntp-debuginfo-0:4.1.2-6.el3.i386", "3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390", "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-0159" }, { "category": "external", "summary": "RHBZ#490617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=490617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-0159", "url": "https://www.cve.org/CVERecord?id=CVE-2009-0159" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-0159", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0159" } ], "release_date": "2009-04-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-12-08T19:42:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "3AS:ntp-0:4.1.2-6.el3.i386", "3AS:ntp-0:4.1.2-6.el3.ia64", "3AS:ntp-0:4.1.2-6.el3.ppc", "3AS:ntp-0:4.1.2-6.el3.s390", "3AS:ntp-0:4.1.2-6.el3.s390x", "3AS:ntp-0:4.1.2-6.el3.src", "3AS:ntp-0:4.1.2-6.el3.x86_64", "3AS:ntp-debuginfo-0:4.1.2-6.el3.i386", "3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390", "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3Desktop:ntp-0:4.1.2-6.el3.i386", "3Desktop:ntp-0:4.1.2-6.el3.ia64", "3Desktop:ntp-0:4.1.2-6.el3.ppc", "3Desktop:ntp-0:4.1.2-6.el3.s390", "3Desktop:ntp-0:4.1.2-6.el3.s390x", "3Desktop:ntp-0:4.1.2-6.el3.src", "3Desktop:ntp-0:4.1.2-6.el3.x86_64", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3ES:ntp-0:4.1.2-6.el3.i386", "3ES:ntp-0:4.1.2-6.el3.ia64", "3ES:ntp-0:4.1.2-6.el3.ppc", "3ES:ntp-0:4.1.2-6.el3.s390", "3ES:ntp-0:4.1.2-6.el3.s390x", "3ES:ntp-0:4.1.2-6.el3.src", "3ES:ntp-0:4.1.2-6.el3.x86_64", "3ES:ntp-debuginfo-0:4.1.2-6.el3.i386", "3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390", "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3WS:ntp-0:4.1.2-6.el3.i386", "3WS:ntp-0:4.1.2-6.el3.ia64", "3WS:ntp-0:4.1.2-6.el3.ppc", "3WS:ntp-0:4.1.2-6.el3.s390", "3WS:ntp-0:4.1.2-6.el3.s390x", "3WS:ntp-0:4.1.2-6.el3.src", "3WS:ntp-0:4.1.2-6.el3.x86_64", "3WS:ntp-debuginfo-0:4.1.2-6.el3.i386", "3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390", "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1651" } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "3AS:ntp-0:4.1.2-6.el3.i386", "3AS:ntp-0:4.1.2-6.el3.ia64", "3AS:ntp-0:4.1.2-6.el3.ppc", "3AS:ntp-0:4.1.2-6.el3.s390", "3AS:ntp-0:4.1.2-6.el3.s390x", "3AS:ntp-0:4.1.2-6.el3.src", "3AS:ntp-0:4.1.2-6.el3.x86_64", "3AS:ntp-debuginfo-0:4.1.2-6.el3.i386", "3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390", "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3Desktop:ntp-0:4.1.2-6.el3.i386", "3Desktop:ntp-0:4.1.2-6.el3.ia64", "3Desktop:ntp-0:4.1.2-6.el3.ppc", "3Desktop:ntp-0:4.1.2-6.el3.s390", "3Desktop:ntp-0:4.1.2-6.el3.s390x", "3Desktop:ntp-0:4.1.2-6.el3.src", "3Desktop:ntp-0:4.1.2-6.el3.x86_64", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3ES:ntp-0:4.1.2-6.el3.i386", "3ES:ntp-0:4.1.2-6.el3.ia64", "3ES:ntp-0:4.1.2-6.el3.ppc", "3ES:ntp-0:4.1.2-6.el3.s390", "3ES:ntp-0:4.1.2-6.el3.s390x", "3ES:ntp-0:4.1.2-6.el3.src", "3ES:ntp-0:4.1.2-6.el3.x86_64", "3ES:ntp-debuginfo-0:4.1.2-6.el3.i386", "3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390", "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3WS:ntp-0:4.1.2-6.el3.i386", "3WS:ntp-0:4.1.2-6.el3.ia64", "3WS:ntp-0:4.1.2-6.el3.ppc", "3WS:ntp-0:4.1.2-6.el3.s390", "3WS:ntp-0:4.1.2-6.el3.s390x", "3WS:ntp-0:4.1.2-6.el3.src", "3WS:ntp-0:4.1.2-6.el3.x86_64", "3WS:ntp-debuginfo-0:4.1.2-6.el3.i386", "3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390", "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "ntp: buffer overflow in ntpq" }, { "cve": "CVE-2009-3563", "discovery_date": "2009-10-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "531213" } ], "notes": [ { "category": "description", "text": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.", "title": "Vulnerability description" }, { "category": "summary", "text": "ntpd: DoS with mode 7 packets (VU#568372)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "3AS:ntp-0:4.1.2-6.el3.i386", "3AS:ntp-0:4.1.2-6.el3.ia64", "3AS:ntp-0:4.1.2-6.el3.ppc", "3AS:ntp-0:4.1.2-6.el3.s390", "3AS:ntp-0:4.1.2-6.el3.s390x", "3AS:ntp-0:4.1.2-6.el3.src", "3AS:ntp-0:4.1.2-6.el3.x86_64", "3AS:ntp-debuginfo-0:4.1.2-6.el3.i386", "3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390", "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3Desktop:ntp-0:4.1.2-6.el3.i386", "3Desktop:ntp-0:4.1.2-6.el3.ia64", "3Desktop:ntp-0:4.1.2-6.el3.ppc", "3Desktop:ntp-0:4.1.2-6.el3.s390", "3Desktop:ntp-0:4.1.2-6.el3.s390x", "3Desktop:ntp-0:4.1.2-6.el3.src", "3Desktop:ntp-0:4.1.2-6.el3.x86_64", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3ES:ntp-0:4.1.2-6.el3.i386", "3ES:ntp-0:4.1.2-6.el3.ia64", "3ES:ntp-0:4.1.2-6.el3.ppc", "3ES:ntp-0:4.1.2-6.el3.s390", "3ES:ntp-0:4.1.2-6.el3.s390x", "3ES:ntp-0:4.1.2-6.el3.src", "3ES:ntp-0:4.1.2-6.el3.x86_64", "3ES:ntp-debuginfo-0:4.1.2-6.el3.i386", "3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390", "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3WS:ntp-0:4.1.2-6.el3.i386", "3WS:ntp-0:4.1.2-6.el3.ia64", "3WS:ntp-0:4.1.2-6.el3.ppc", "3WS:ntp-0:4.1.2-6.el3.s390", "3WS:ntp-0:4.1.2-6.el3.s390x", "3WS:ntp-0:4.1.2-6.el3.src", "3WS:ntp-0:4.1.2-6.el3.x86_64", "3WS:ntp-debuginfo-0:4.1.2-6.el3.i386", "3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390", "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2009-3563" }, { "category": "external", "summary": "RHBZ#531213", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2009-3563", "url": "https://www.cve.org/CVERecord?id=CVE-2009-3563" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3563", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3563" } ], "release_date": "2009-12-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2009-12-08T19:42:00+00:00", "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259", "product_ids": [ "3AS:ntp-0:4.1.2-6.el3.i386", "3AS:ntp-0:4.1.2-6.el3.ia64", "3AS:ntp-0:4.1.2-6.el3.ppc", "3AS:ntp-0:4.1.2-6.el3.s390", "3AS:ntp-0:4.1.2-6.el3.s390x", "3AS:ntp-0:4.1.2-6.el3.src", "3AS:ntp-0:4.1.2-6.el3.x86_64", "3AS:ntp-debuginfo-0:4.1.2-6.el3.i386", "3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390", "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3Desktop:ntp-0:4.1.2-6.el3.i386", "3Desktop:ntp-0:4.1.2-6.el3.ia64", "3Desktop:ntp-0:4.1.2-6.el3.ppc", "3Desktop:ntp-0:4.1.2-6.el3.s390", "3Desktop:ntp-0:4.1.2-6.el3.s390x", "3Desktop:ntp-0:4.1.2-6.el3.src", "3Desktop:ntp-0:4.1.2-6.el3.x86_64", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3ES:ntp-0:4.1.2-6.el3.i386", "3ES:ntp-0:4.1.2-6.el3.ia64", "3ES:ntp-0:4.1.2-6.el3.ppc", "3ES:ntp-0:4.1.2-6.el3.s390", "3ES:ntp-0:4.1.2-6.el3.s390x", "3ES:ntp-0:4.1.2-6.el3.src", "3ES:ntp-0:4.1.2-6.el3.x86_64", "3ES:ntp-debuginfo-0:4.1.2-6.el3.i386", "3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390", "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3WS:ntp-0:4.1.2-6.el3.i386", "3WS:ntp-0:4.1.2-6.el3.ia64", "3WS:ntp-0:4.1.2-6.el3.ppc", "3WS:ntp-0:4.1.2-6.el3.s390", "3WS:ntp-0:4.1.2-6.el3.s390x", "3WS:ntp-0:4.1.2-6.el3.src", "3WS:ntp-0:4.1.2-6.el3.x86_64", "3WS:ntp-debuginfo-0:4.1.2-6.el3.i386", "3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390", "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2009:1651" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "products": [ "3AS:ntp-0:4.1.2-6.el3.i386", "3AS:ntp-0:4.1.2-6.el3.ia64", "3AS:ntp-0:4.1.2-6.el3.ppc", "3AS:ntp-0:4.1.2-6.el3.s390", "3AS:ntp-0:4.1.2-6.el3.s390x", "3AS:ntp-0:4.1.2-6.el3.src", "3AS:ntp-0:4.1.2-6.el3.x86_64", "3AS:ntp-debuginfo-0:4.1.2-6.el3.i386", "3AS:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3AS:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390", "3AS:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3AS:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3Desktop:ntp-0:4.1.2-6.el3.i386", "3Desktop:ntp-0:4.1.2-6.el3.ia64", "3Desktop:ntp-0:4.1.2-6.el3.ppc", "3Desktop:ntp-0:4.1.2-6.el3.s390", "3Desktop:ntp-0:4.1.2-6.el3.s390x", "3Desktop:ntp-0:4.1.2-6.el3.src", "3Desktop:ntp-0:4.1.2-6.el3.x86_64", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.i386", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3Desktop:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3ES:ntp-0:4.1.2-6.el3.i386", "3ES:ntp-0:4.1.2-6.el3.ia64", "3ES:ntp-0:4.1.2-6.el3.ppc", "3ES:ntp-0:4.1.2-6.el3.s390", "3ES:ntp-0:4.1.2-6.el3.s390x", "3ES:ntp-0:4.1.2-6.el3.src", "3ES:ntp-0:4.1.2-6.el3.x86_64", "3ES:ntp-debuginfo-0:4.1.2-6.el3.i386", "3ES:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3ES:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390", "3ES:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3ES:ntp-debuginfo-0:4.1.2-6.el3.x86_64", "3WS:ntp-0:4.1.2-6.el3.i386", "3WS:ntp-0:4.1.2-6.el3.ia64", "3WS:ntp-0:4.1.2-6.el3.ppc", "3WS:ntp-0:4.1.2-6.el3.s390", "3WS:ntp-0:4.1.2-6.el3.s390x", "3WS:ntp-0:4.1.2-6.el3.src", "3WS:ntp-0:4.1.2-6.el3.x86_64", "3WS:ntp-debuginfo-0:4.1.2-6.el3.i386", "3WS:ntp-debuginfo-0:4.1.2-6.el3.ia64", "3WS:ntp-debuginfo-0:4.1.2-6.el3.ppc", "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390", "3WS:ntp-debuginfo-0:4.1.2-6.el3.s390x", "3WS:ntp-debuginfo-0:4.1.2-6.el3.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ntpd: DoS with mode 7 packets (VU#568372)" } ] }
gsd-2009-3563
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2009-3563", "description": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.", "id": "GSD-2009-3563", "references": [ "https://www.suse.com/security/cve/CVE-2009-3563.html", "https://www.debian.org/security/2009/dsa-1948", "https://access.redhat.com/errata/RHSA-2009:1651", "https://access.redhat.com/errata/RHSA-2009:1648", "https://linux.oracle.com/cve/CVE-2009-3563.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2009-3563" ], "details": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.", "id": "GSD-2009-3563", "modified": "2023-12-13T01:19:49.509033Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3563", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "VU#568372", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/568372" }, { "name": "38832", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38832" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "name": "oval:org.mitre.oval:def:11225", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225" }, { "name": "http://support.avaya.com/css/P8/documents/100071808", "refsource": "CONFIRM", "url": "http://support.avaya.com/css/P8/documents/100071808" }, { "name": "38794", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38794" }, { "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "name": "FEDORA-2009-13121", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=531213", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213" }, { "name": "38764", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38764" }, { "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode", "refsource": "CONFIRM", "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode" }, { "name": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J" }, { "name": "oval:org.mitre.oval:def:19376", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376" }, { "name": "37255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37255" }, { "name": "SSRT101144", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2" }, { "name": "39593", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39593" }, { "name": "IZ71047", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047" }, { "name": "ADV-2010-0993", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0993" }, { "name": "DSA-1948", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1948" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc", "refsource": "CONFIRM", "url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc" }, { "name": "HPSBUX02639", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2" }, { "name": "1021781", "refsource": "SUNALERT", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1" }, { "name": "IZ68659", "refsource": "AIXAPAR", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659" }, { "name": "SSRT100293", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2" }, { "name": "https://support.ntp.org/bugs/show_bug.cgi?id=1331", "refsource": "CONFIRM", "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331" }, { "name": "oval:org.mitre.oval:def:7076", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076" }, { "name": "37922", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37922" }, { "name": "NetBSD-SA2010-005", "refsource": "NETBSD", "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc" }, { "name": "38834", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38834" }, { "name": "FEDORA-2009-13090", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html" }, { "name": "http://security-tracker.debian.org/tracker/CVE-2009-3563", "refsource": "CONFIRM", "url": "http://security-tracker.debian.org/tracker/CVE-2009-3563" }, { "name": "1023298", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1023298" }, { "name": "oval:org.mitre.oval:def:12141", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141" }, { "name": "RHSA-2009:1651", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html" }, { "name": "37629", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37629" }, { "name": "RHSA-2010:0095", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691" }, { "name": "HPSBUX02859", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2" }, { "name": "[announce] 20091208 NTP 4.2.4p8 Released", "refsource": "MLIST", "url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html" }, { "name": "ADV-2010-0510", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0510" }, { "name": "RHSA-2009:1648", "refsource": "REDHAT", "url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html" }, { "name": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7" }, { "name": "ADV-2010-0528", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0528" }, { "name": "VU#417980", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/417980" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.2.2p4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-3563" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2009:1651", "refsource": "REDHAT", "tags": [], "url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html" }, { "name": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7", "refsource": "CONFIRM", "tags": [], "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7" }, { "name": "DSA-1948", "refsource": "DEBIAN", "tags": [ "Patch" ], "url": "http://www.debian.org/security/2009/dsa-1948" }, { "name": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode", "refsource": "CONFIRM", "tags": [ "Patch" ], "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode" }, { "name": "1023298", "refsource": "SECTRACK", "tags": [], "url": "http://securitytracker.com/id?1023298" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074", "refsource": "CONFIRM", "tags": [], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074" }, { "name": "37255", "refsource": "BID", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/37255" }, { "name": "RHSA-2009:1648", "refsource": "REDHAT", "tags": [], "url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html" }, { "name": "[announce] 20091208 NTP 4.2.4p8 Released", "refsource": "MLIST", "tags": [], "url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html" }, { "name": "VU#568372", "refsource": "CERT-VN", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/568372" }, { "name": "http://security-tracker.debian.org/tracker/CVE-2009-3563", "refsource": "CONFIRM", "tags": [], "url": "http://security-tracker.debian.org/tracker/CVE-2009-3563" }, { "name": "https://support.ntp.org/bugs/show_bug.cgi?id=1331", "refsource": "CONFIRM", "tags": [], "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331" }, { "name": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J", "refsource": "CONFIRM", "tags": [], "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=531213", "refsource": "CONFIRM", "tags": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213" }, { "name": "FEDORA-2009-13121", "refsource": "FEDORA", "tags": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html" }, { "name": "FEDORA-2009-13090", "refsource": "FEDORA", "tags": [], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html" }, { "name": "RHSA-2010:0095", "refsource": "REDHAT", "tags": [], "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "name": "http://support.avaya.com/css/P8/documents/100071808", "refsource": "CONFIRM", "tags": [], "url": "http://support.avaya.com/css/P8/documents/100071808" }, { "name": "37922", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/37922" }, { "name": "IZ71047", "refsource": "AIXAPAR", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047" }, { "name": "37629", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/37629" }, { "name": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc", "refsource": "CONFIRM", "tags": [], "url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc" }, { "name": "ADV-2010-0510", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2010/0510" }, { "name": "38764", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/38764" }, { "name": "IZ68659", "refsource": "AIXAPAR", "tags": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659" }, { "name": "38794", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/38794" }, { "name": "ADV-2010-0528", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2010/0528" }, { "name": "38832", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/38832" }, { "name": "38834", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/38834" }, { "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "refsource": "MLIST", "tags": [], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "name": "NetBSD-SA2010-005", "refsource": "NETBSD", "tags": [], "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2010-005.txt.asc" }, { "name": "39593", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/39593" }, { "name": "ADV-2010-0993", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2010/0993" }, { "name": "1021781", "refsource": "SUNALERT", "tags": [], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1" }, { "name": "SSRT101144", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2" }, { "name": "HPSBUX02639", "refsource": "HP", "tags": [], "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691", "refsource": "CONFIRM", "tags": [], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673", "refsource": "CONFIRM", "tags": [], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "name": "oval:org.mitre.oval:def:7076", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076" }, { "name": "oval:org.mitre.oval:def:19376", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376" }, { "name": "oval:org.mitre.oval:def:12141", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141" }, { "name": "oval:org.mitre.oval:def:11225", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false } }, "lastModifiedDate": "2017-09-19T01:29Z", "publishedDate": "2009-12-09T18:30Z" } } }
var-200912-0769
Vulnerability from variot
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. A novel traffic-loop vulnerability has been identified against certain implementations of UDP-based applications protocols. An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols (e.g., DNS, NTP, TFTP) that can lead to Denial-of-Service (DOS) and/or abuse of resources.CVE-2009-3563 Unknown CVE-2024-1309 Unknown CVE-2024-2169 AffectedCVE-2009-3563 Unknown CVE-2024-1309 Unknown CVE-2024-2169 Affected. NTP for, mode 7 A vulnerability exists due to packet processing. NTP Then "restrict ... noquery" or "restrict ... ignore" There are no restrictions due to the settings of IP From the address, an invalid mode 7 request or mode 7 If you receive an error response, mode 7 Returns and logs the error message. NTP The sender address was spoofed. mode 7 A vulnerability exists due to packet processing.Service operation obstruction by a remote third party (DoS) You may be attacked. NTP is prone to a remote denial-of-service vulnerability because it fails to properly handle certain incoming network packets. An attacker can exploit this issue to cause the application to consume excessive CPU resources and fill disk space with log messages. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when received by another ntpd.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
Updated Packages:
Mandriva Linux 2008.0: 7377623e9f89c5f6f6cc7af577974458 2008.0/i586/ntp-4.2.4-10.3mdv2008.0.i586.rpm 977fdaf289c9eff53fb6d563b8a60ede 2008.0/i586/ntp-client-4.2.4-10.3mdv2008.0.i586.rpm e2701dc192a578b141f9408d355522b6 2008.0/i586/ntp-doc-4.2.4-10.3mdv2008.0.i586.rpm 167e3a9dbf1bd10fd576e6a91a2cbc10 2008.0/SRPMS/ntp-4.2.4-10.3mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64: 4fa28ef04548ded3dc604ea61a671cc5 2008.0/x86_64/ntp-4.2.4-10.3mdv2008.0.x86_64.rpm b79353be7c2da1fadf3bc55c2c06a6a6 2008.0/x86_64/ntp-client-4.2.4-10.3mdv2008.0.x86_64.rpm c93dd45fc32ece044874c09aac85ce66 2008.0/x86_64/ntp-doc-4.2.4-10.3mdv2008.0.x86_64.rpm 167e3a9dbf1bd10fd576e6a91a2cbc10 2008.0/SRPMS/ntp-4.2.4-10.3mdv2008.0.src.rpm
Mandriva Linux 2009.0: 6a38837b845970b62520f48273362485 2009.0/i586/ntp-4.2.4-18.5mdv2009.0.i586.rpm 4f9d98a186c4ca4348f8296fde0bf174 2009.0/i586/ntp-client-4.2.4-18.5mdv2009.0.i586.rpm 0ae26de5f1bddba4c2718a55463d94b7 2009.0/i586/ntp-doc-4.2.4-18.5mdv2009.0.i586.rpm 45b55bdbde84289b20e295b9dbf188fb 2009.0/SRPMS/ntp-4.2.4-18.5mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64: e31f3f71e730e5777d9832cd76430b17 2009.0/x86_64/ntp-4.2.4-18.5mdv2009.0.x86_64.rpm 67a998da616d287fe9e15092bbd45ff6 2009.0/x86_64/ntp-client-4.2.4-18.5mdv2009.0.x86_64.rpm ab02dd7a3457f0ba75248390827c69a4 2009.0/x86_64/ntp-doc-4.2.4-18.5mdv2009.0.x86_64.rpm 45b55bdbde84289b20e295b9dbf188fb 2009.0/SRPMS/ntp-4.2.4-18.5mdv2009.0.src.rpm
Mandriva Linux 2009.1: b6597f0ee96ec99c7ddbe5e18a588e48 2009.1/i586/ntp-4.2.4-22.3mdv2009.1.i586.rpm 069667f851886c39daa0309a5e920619 2009.1/i586/ntp-client-4.2.4-22.3mdv2009.1.i586.rpm 9d5b87f008f00ad30b3c652e5f62eea2 2009.1/i586/ntp-doc-4.2.4-22.3mdv2009.1.i586.rpm e2686dd1237f529bb08f2837052fb46f 2009.1/SRPMS/ntp-4.2.4-22.3mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64: e88121b38c942c572b61ba7631130104 2009.1/x86_64/ntp-4.2.4-22.3mdv2009.1.x86_64.rpm c10eaf7ecbeb3b5db5eac978cb2ae78e 2009.1/x86_64/ntp-client-4.2.4-22.3mdv2009.1.x86_64.rpm 8ff34e79ed1f88fa2e7b7e8030232a30 2009.1/x86_64/ntp-doc-4.2.4-22.3mdv2009.1.x86_64.rpm e2686dd1237f529bb08f2837052fb46f 2009.1/SRPMS/ntp-4.2.4-22.3mdv2009.1.src.rpm
Mandriva Linux 2010.0: 2913258a9be65654a3ce5e16c1bd5b25 2010.0/i586/ntp-4.2.4-27.1mdv2010.0.i586.rpm 90cf8d7f8fb468461f8b8baf7d97daa4 2010.0/i586/ntp-client-4.2.4-27.1mdv2010.0.i586.rpm 0b8527559ef05049461cea2f5a83bd6d 2010.0/i586/ntp-doc-4.2.4-27.1mdv2010.0.i586.rpm 7bbd4271086ace434dd8a958bc7c2488 2010.0/SRPMS/ntp-4.2.4-27.1mdv2010.0.src.rpm
Mandriva Linux 2010.0/X86_64: 2e938e58d48f3f581ffaab085dacc1f2 2010.0/x86_64/ntp-4.2.4-27.1mdv2010.0.x86_64.rpm cde3421867c549169751f2964420a578 2010.0/x86_64/ntp-client-4.2.4-27.1mdv2010.0.x86_64.rpm d9799e7286a49420699d3995e8bc1e47 2010.0/x86_64/ntp-doc-4.2.4-27.1mdv2010.0.x86_64.rpm 7bbd4271086ace434dd8a958bc7c2488 2010.0/SRPMS/ntp-4.2.4-27.1mdv2010.0.src.rpm
Corporate 3.0: 65dda36544e7a43175abfd64aa725b34 corporate/3.0/i586/ntp-4.2.0-2.4.C30mdk.i586.rpm a485cad0631598335af0e89ea399ff9d corporate/3.0/SRPMS/ntp-4.2.0-2.4.C30mdk.src.rpm
Corporate 3.0/X86_64: 44130a38552f20b3f34d176c47aa5aab corporate/3.0/x86_64/ntp-4.2.0-2.4.C30mdk.x86_64.rpm a485cad0631598335af0e89ea399ff9d corporate/3.0/SRPMS/ntp-4.2.0-2.4.C30mdk.src.rpm
Corporate 4.0: a2f5a598865d390f7c537fc9e1a9a758 corporate/4.0/i586/ntp-4.2.0-21.7.20060mlcs4.i586.rpm f7eb3884bc0aa71f8237d9500d24489e corporate/4.0/i586/ntp-client-4.2.0-21.7.20060mlcs4.i586.rpm d2ed46d981570f66763f85c822b14179 corporate/4.0/SRPMS/ntp-4.2.0-21.7.20060mlcs4.src.rpm
Corporate 4.0/X86_64: 1bd4395c9c80b583bad4ce5085c0d557 corporate/4.0/x86_64/ntp-4.2.0-21.7.20060mlcs4.x86_64.rpm 95f812f672cf79fccee411154c23d6ee corporate/4.0/x86_64/ntp-client-4.2.0-21.7.20060mlcs4.x86_64.rpm d2ed46d981570f66763f85c822b14179 corporate/4.0/SRPMS/ntp-4.2.0-21.7.20060mlcs4.src.rpm
Mandriva Enterprise Server 5: 16e3975f3e4bb9a830eb1e8166f2fec7 mes5/i586/ntp-4.2.4-18.5mdvmes5.i586.rpm 2af9623d6f3685d54dd4db31f9622f7a mes5/i586/ntp-client-4.2.4-18.5mdvmes5.i586.rpm 5abb771d456b4094d123c5cf24701aee mes5/i586/ntp-doc-4.2.4-18.5mdvmes5.i586.rpm 086a05988392a6602c023f4e453bcc32 mes5/SRPMS/ntp-4.2.4-18.5mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64: 9b40b186bf9ebeb70c1350f9a158ac92 mes5/x86_64/ntp-4.2.4-18.5mdvmes5.x86_64.rpm f4a42229dc9b408b04f0c83aa3a25720 mes5/x86_64/ntp-client-4.2.4-18.5mdvmes5.x86_64.rpm 2022447e5d9dbf6ee1a6e594935b1d04 mes5/x86_64/ntp-doc-4.2.4-18.5mdvmes5.x86_64.rpm 086a05988392a6602c023f4e453bcc32 mes5/SRPMS/ntp-4.2.4-18.5mdvmes5.src.rpm
Multi Network Firewall 2.0: 56a2596fd513295f0700508c08a6a3da mnf/2.0/i586/ntp-4.2.0-2.4.C30mdk.i586.rpm f8218643f02c3168e0331852630835a0 mnf/2.0/SRPMS/ntp-4.2.0-2.4.C30mdk.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
iD8DBQFLHtsAmqjQ0CJFipgRAi1pAKDUH87qI312n3XHGnl4TgVNC+IuvACbBhUw nLO5FqSyfvZaqSNZ93vTSUw= =XCg1 -----END PGP SIGNATURE----- .
Product/Patch kit ITRC Download Location MD5 and SHA1 Checksum
HP Tru64 UNIX v 5.1B-4 PK6 (BL27) T64KIT1001787-V51BB27-ES-20100817 http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001787-V51BB27-ES-20100817 MD5 results: 2b3a21a96b7855d9ca223f483bd5bfed SHA1 results: ac2221c9d025008b258ac8592a210e16e775fbcf
HP Tru64 UNIX v 5.1B-5 PK7 (BL28) T64KIT1001786-V51BB28-ES-20100816 http://www13.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001786-V51BB28-ES-20100816 MD5 results: b34d028797577408d565da27d93c30a9 SHA1 results: b34d028797577408d565da27d93c30a9
Note: The patch kit installation instructions and the Patch Summary and Release Notes documents provide patch kit installation and removal instructions and a summary of each patch. Please read these documents prior to installing patches. =========================================================== Ubuntu Security Notice USN-867-1 December 08, 2009 ntp vulnerability CVE-2009-3563 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS: ntp 1:4.2.0a+stable-8.1ubuntu6.3 ntp-server 1:4.2.0a+stable-8.1ubuntu6.3
Ubuntu 8.04 LTS: ntp 1:4.2.4p4+dfsg-3ubuntu2.3
Ubuntu 8.10: ntp 1:4.2.4p4+dfsg-6ubuntu2.4
Ubuntu 9.04: ntp 1:4.2.4p4+dfsg-7ubuntu5.2
Ubuntu 9.10: ntp 1:4.2.4p6+dfsg-1ubuntu5.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Robin Park and Dmitri Vinokurov discovered a logic error in ntpd.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.diff.gz
Size/MD5: 262833 1fdb567debfe1ce10ffc44ec492d4aa5
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.dsc
Size/MD5: 872 a6f59fefbf4050684aa38de8b24c54b3
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable.orig.tar.gz
Size/MD5: 2272395 30f8b3d5b970c14dce5c6d8c922afa3e
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.0a+stable-8.1ubuntu6.3_all.deb
Size/MD5: 891204 35969710cca05eabef8399e53de0bdb5
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_amd64.deb
Size/MD5: 35022 cf299ac36cb52399b7b80a7aa6b00c77
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_amd64.deb
Size/MD5: 136402 14d2d9f6ec9a8f4edb2d674538b642a8
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_amd64.deb
Size/MD5: 270524 05dfaa4fdf895ebfdf61ee43d97ef9c6
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_amd64.deb
Size/MD5: 47932 ee2a72cdc8d20e545443bbcf086c6f82
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_amd64.deb
Size/MD5: 224268 d9daac981b2dd6d16d69d4bfc0f1d4bf
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_i386.deb
Size/MD5: 33926 4a79ecdb4d1fa3d407fca23c00292a9d
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_i386.deb
Size/MD5: 121710 77db2cb6c9daa84d6174fbe277a96c44
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_i386.deb
Size/MD5: 256764 7aeb8e664a3ff16608fc880a108a8645
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_i386.deb
Size/MD5: 44598 1e3067b9f7fee43a3f0b18ec9d4b356b
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_i386.deb
Size/MD5: 198516 a0066ee286571189f7f6099bd8a2c220
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb
Size/MD5: 37162 3b19f883b00809d36ae9bd79114955c1
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb
Size/MD5: 135184 d1419b2d9aff1392c78bab2911114c2a
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb
Size/MD5: 271468 856ffca2e1d79bfd730aec3bcc1ce497
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb
Size/MD5: 49266 2cee0d14d9d1deafb78b26041d1ed05a
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb
Size/MD5: 222168 42ef5dfaddb9e1fe9b9933119cdbe9ab
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_sparc.deb
Size/MD5: 34428 09539a35a435d11f12ed9f5bd9534771
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_sparc.deb
Size/MD5: 126814 8e2066b695d32e08355bfdc0f571c705
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_sparc.deb
Size/MD5: 261652 1e4142216eb7ff527ce1f59b2ad2d0af
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_sparc.deb
Size/MD5: 46790 7d456f67bea9e6c3f2452a5d6a847f67
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_sparc.deb
Size/MD5: 207566 433dca719ea61cca73b993a530299fae
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.diff.gz
Size/MD5: 287172 dfb60aa2cd60f61907856f5b50c8fc46
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.dsc
Size/MD5: 1046 251a7ead6fcf835535176b89ed7cc3d4
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz
Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-3ubuntu2.3_all.deb
Size/MD5: 928116 28eb96c89717c9fdfe39b3f140428484
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb
Size/MD5: 477388 bc91b335e5963954d4284d0b57b37c40
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb
Size/MD5: 65194 185195f8e2df78f7dfbba5b88be482ce
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_i386.deb
Size/MD5: 432592 0ec673d7b4507cb992091a7b63007826
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_i386.deb
Size/MD5: 61224 fbf4533c390ea05b7149e370815983e1
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb
Size/MD5: 435450 1be0d440cf6bcf5048139c856b85106b
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb
Size/MD5: 61184 a1b2a4c34beee7210e322b2f05d94095
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb
Size/MD5: 490538 e6adb5a7bde67fc04b543664e6ef748f
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb
Size/MD5: 66780 35b709a20016e07b383362610ae2b45a
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb
Size/MD5: 442346 212fc209067ce419756fa2d6f486fd33
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb
Size/MD5: 61964 7937872f5231323d82c98f0ace751a79
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.diff.gz
Size/MD5: 305723 ea6556c8f4053f2abd79e4cf96633a65
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.dsc
Size/MD5: 1555 fa669b54aac2751215e1fbac226bf51e
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz
Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-6ubuntu2.4_all.deb
Size/MD5: 928754 eaa802a30b795ce27417c0f8fd612564
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb
Size/MD5: 487270 83aef0ae73d841ca98c1aff95b68b974
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb
Size/MD5: 66118 b1d338d727c1fbb479a0298e67cf920c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_i386.deb
Size/MD5: 442316 9441f50fefcd831651417c8e66353769
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_i386.deb
Size/MD5: 62320 67f26e8efd2233911b3ee5d5c779da52
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb
Size/MD5: 441714 cc6ffa5cf9f82b707ebf77291c0c7c2b
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb
Size/MD5: 62086 d4c4d6efa2ae6c85b400d73bd39cac8d
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb
Size/MD5: 491332 f4016ec402c0665df5241555af9a04ed
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb
Size/MD5: 67198 47c3dd10eae821a9d1abcf77a85d6651
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb
Size/MD5: 449572 4a168bf44988c1da63a39bd14b17b682
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb
Size/MD5: 62834 0ae1f43f7f327de4ab787c911f0fd1ca
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.diff.gz
Size/MD5: 306032 90b99d80d9e52e4db7e30b96002834b4
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.dsc
Size/MD5: 1556 b6f57df7732c6fd3a29de6d4c65c421d
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz
Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-7ubuntu5.2_all.deb
Size/MD5: 929066 4230567b7ef012596cd5e291df13df76
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb
Size/MD5: 487628 3789b894fe98014ed8b62fc910088d2a
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb
Size/MD5: 66442 b43e6e46f0c035961fa2e382bd883fe2
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_i386.deb
Size/MD5: 442634 efaf8cc0f84114fe6d426827f22e3db4
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_i386.deb
Size/MD5: 62642 7c9ce030867f9809b49634bdcc2a57a3
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb
Size/MD5: 442086 4dd3ea7d09c746a592b0b622f4fcb753
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb
Size/MD5: 62410 77fa9c143489ea55da37adcd9f268e6b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb
Size/MD5: 491526 d04d12ed5ebc7968a90894d92ca094c6
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb
Size/MD5: 67530 55cffc037f6a88b24abd399925e700c3
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb
Size/MD5: 449666 7dbdc0aa05e90a9363dfcae003c3e531
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb
Size/MD5: 63156 4647b041df35cabb86fb0789e3a083ce
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.diff.gz
Size/MD5: 344395 26dd6961151053346b36474a18d6412f
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.dsc
Size/MD5: 1575 c86cc4fe026ee6830d6564cabeaedc61
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg.orig.tar.gz
Size/MD5: 2836728 bddc66cdc7c35c0cb22cc84cad770c65
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p6+dfsg-1ubuntu5.1_all.deb
Size/MD5: 931324 bcc11545b9399ca7e09268a85fd6eabf
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb
Size/MD5: 529994 c766915925a1cccbd27332232a45e016
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb
Size/MD5: 70098 968cdde0e47a775cf13b922c7f2308f5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_i386.deb
Size/MD5: 490892 83e3785020b3cb659b6559cb51632333
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_i386.deb
Size/MD5: 66770 34bd54ff829c032049dc8d7340984b4c
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb
Size/MD5: 487552 f7ad919e64533aed59112c2fe5c49fd9
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb
Size/MD5: 66316 4a2cd9cdf5cfa46ad3784c37f7c29502
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb
Size/MD5: 528880 401e4a455acdf2a14c5f556e8cae1911
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb
Size/MD5: 69390 9e0e3535fbe3ffe61be245ddd22e5d6c
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb
Size/MD5: 499646 6059b8a5f9f216b8de00eed901af902e
http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb
Size/MD5: 67272 8d04c1e93ca4acd7a4eaac04008326b3
. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
VMware Security Advisory
Advisory ID: VMSA-2010-0009 Synopsis: ESXi ntp and ESX Service Console third party updates Issue date: 2010-05-27 Updated on: 2010-05-27 (initial release of advisory) CVE numbers: CVE-2009-2695 CVE-2009-2908 CVE-2009-3228 CVE-2009-3286 CVE-2009-3547 CVE-2009-3613 CVE-2009-3612 CVE-2009-3620 CVE-2009-3621 CVE-2009-3726 CVE-2007-4567 CVE-2009-4536 CVE-2009-4537 CVE-2009-4538 CVE-2006-6304 CVE-2009-2910 CVE-2009-3080 CVE-2009-3556 CVE-2009-3889 CVE-2009-3939 CVE-2009-4020 CVE-2009-4021 CVE-2009-4138 CVE-2009-4141 CVE-2009-4272 CVE-2009-3563 CVE-2009-4355 CVE-2009-2409 CVE-2009-0590 CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-1386 CVE-2009-1387 CVE-2009-4212 CVE-2009-1384 CVE-2010-0097 CVE-2010-0290 CVE-2009-3736 CVE-2010-0001 CVE-2010-0426 CVE-2010-0427 CVE-2010-0382
- Summary
ESXi update for ntp and ESX Console OS (COS) updates for COS kernel, openssl, krb5, gcc, bind, gzip, sudo.
- Relevant releases
VMware ESX 4.0.0 without patches ESX400-201005401-SG, ESX400-201005406-SG, ESX400-201005408-SG, ESX400-201005407-SG, ESX400-201005405-SG, ESX400-201005409-SG
- Problem Description
a. Service Console update for COS kernel
Updated COS package "kernel" addresses the security issues that are
fixed through versions 2.6.18-164.11.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228,
CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues
fixed in kernel 2.6.18-164.6.1
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621,
CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537,
CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080,
CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020,
CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to
the security issues fixed in kernel 2.6.18-164.11.1.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-201005401-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
ESX 2.5.5 ESX not applicable
vMA 4.0 RHEL5 affected, patch pending
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
b. ESXi userworld update for ntp
The Network Time Protocol (NTP) is used to synchronize the time of
a computer client or server to another server or reference time
source.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-3563 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi 4.0 ESXi ESXi400-201005401-SG
ESXi 3.5 ESXi affected, patch pending
ESX any ESX not applicable
vMA any RHEL5 not applicable
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
c. Service Console package openssl updated to 0.9.8e-12.el5_4.1
OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with
full-strength cryptography world-wide.
A memory leak in the zlib could allow a remote attacker to cause a
denial of service (memory consumption) via vectors that trigger
incorrect calls to the CRYPTO_cleanup_all_ex_data function.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-4355 to this issue.
A vulnerability was discovered which may allow remote attackers to
spoof certificates by using MD2 design flaws to generate a hash
collision in less than brute-force time. NOTE: the scope of this
issue is currently limited because the amount of computation
required is still large.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-2409 to this issue.
This update also includes security fixes that were first addressed
in version openssl-0.9.8e-12.el5.i386.rpm.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378,
CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-201005401-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
ESX 2.5.5 ESX not applicable
vMA 4.0 RHEL5 affected, patch pending**
- hosted products are VMware Workstation, Player, ACE, Server, Fusion. ** see VMSA-2010-0004
d. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to 2.2.14-15.
Kerberos is a network authentication protocol. It is designed to
provide strong authentication for client/server applications by
using secret-key cryptography.
Multiple integer underflows in the AES and RC4 functionality in the
crypto library could allow remote attackers to cause a denial of
service (daemon crash) or possibly execute arbitrary code by
providing ciphertext with a length that is too short to be valid.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-4212 to this issue.
The service console package for pam_krb5 is updated to version
pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. In
some non-default configurations (specifically, where pam_krb5 would
be the first module to prompt for a password), a remote attacker
could use this flaw to recognize valid usernames, which would aid a
dictionary-based password guess attack.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-1384 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-201005406-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 affected, patch pending
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
e. Service Console package bind updated to 9.3.6-4.P1.el5_4.2
BIND (Berkeley Internet Name Daemon) is by far the most widely used
Domain Name System (DNS) software on the Internet.
A vulnerability was discovered which could allow remote attacker to
add the Authenticated Data (AD) flag to a forged NXDOMAIN response
for an existing domain.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-0097 to this issue.
A vulnerability was discovered which could allow remote attackers
to conduct DNS cache poisoning attacks by receiving a recursive
client query and sending a response that contains CNAME or DNAME
records, which do not have the intended validation before caching.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-0290 to this issue.
A vulnerability was found in the way that bind handles out-of-
bailiwick data accompanying a secure response without re-fetching
from the original source, which could allow remote attackers to
have an unspecified impact via a crafted response.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-0382 to this issue.
NOTE: ESX does not use the BIND name service daemon by default.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-201005408-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
ESX 2.5.5 ESX not applicable
vMA 4.0 RHEL5 affected, patch pending
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
f. Service Console package gcc updated to 3.2.3-60
The GNU Compiler Collection includes front ends for C, C++,
Objective-C, Fortran, Java, and Ada, as well as libraries for these
languages
GNU Libtool's ltdl.c attempts to open .la library files in the
current working directory. This could allow a local user to gain
privileges via a Trojan horse file. The GNU C Compiler collection
(gcc) provided in ESX contains a statically linked version of the
vulnerable code, and is being replaced.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2009-3736 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not applicable
ESX 4.0 ESX ESX400-201005407-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 affected, patch pending
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
g. Service Console package gzip update to 1.3.3-15.rhel3
gzip is a software application used for file compression
An integer underflow in gzip's unlzw function on 64-bit platforms
may allow a remote attacker to trigger an array index error
leading to a denial of service (application crash) or possibly
execute arbitrary code via a crafted LZW compressed file.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-0001 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-201005405-SG
ESX 3.5 ESX affected, patch pending
ESX 3.0.3 ESX affected, patch pending
ESX 2.5.5 ESX affected, patch pending
vMA 4.0 RHEL5 affected, patch pending
- hosted products are VMware Workstation, Player, ACE, Server, Fusion.
h. Service Console package sudo updated to 1.6.9p17-6.el5_4
Sudo (su "do") allows a system administrator to delegate authority
to give certain users (or groups of users) the ability to run some
(or all) commands as root or another user while providing an audit
trail of the commands and their arguments.
When a pseudo-command is enabled, sudo permits a match between the
name of the pseudo-command and the name of an executable file in an
arbitrary directory, which allows local users to gain privileges
via a crafted executable file.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-0426 to this issue.
When the runas_default option is used, sudo does not properly set
group memberships, which allows local users to gain privileges via
a sudo command.
The Common Vulnerabilities and Exposures Project (cve.mitre.org)
has assigned the name CVE-2010-0427 to this issue.
Column 4 of the following table lists the action required to
remediate the vulnerability in each release, if a solution is
available.
VMware Product Running Replace with/
Product Version on Apply Patch
============= ======== ======= =================
VirtualCenter any Windows not affected
hosted * any any not affected
ESXi any ESXi not affected
ESX 4.0 ESX ESX400-201005409-SG
ESX 3.5 ESX not applicable
ESX 3.0.3 ESX not applicable
ESX 2.5.5 ESX not applicable
vMA 4.0 RHEL5 affected, patch pending
-
hosted products are VMware Workstation, Player, ACE, Server, Fusion.
-
Solution
Please review the patch/release notes for your product and version and verify the md5sum of your downloaded file.
ESX 4.0
http://bit.ly/aqTCqn md5sum: ace37cd8d7c6388edcea2798ba8be939 sha1sum: 8fe7312fe74a435e824d879d4f1ff33df25cee78 http://kb.vmware.com/kb/1013127
Note ESX400-201005001 contains the following security bulletins ESX400-201005404-SG (ntp), ESX400-201005405-SG (gzip), ESX400-201005408-SG (bind), ESX400-201005401-SG (kernel, openssl), ESX400-201005406-SG (krb5, pam_krb5), ESX400-201005402-SG (JRE), ESX400-201005403-SG (expat), ESX400-201005409-SG (sudo), ESX400-201005407-SG (gcc).
- References
CVE numbers http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2908 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3228 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3286 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3613 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3612 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3621 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3726 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4567 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4536 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4537 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4538 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6304 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2910 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3556 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3889 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3939 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4020 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4138 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4141 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4272 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0290 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0001 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0427 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0382
- Change log
2010-05-27 VMSA-2010-0009 Initial security advisory after release of patch 06 bulletins for ESX 4.0 on 2010-05-27
- Contact
E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
- security-announce at lists.vmware.com
- bugtraq at securityfocus.com
- full-disclosure at lists.grok.org.uk
E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055
VMware Security Center http://www.vmware.com/security
VMware security response policy http://www.vmware.com/support/policies/security_response.html
General support life cycle policy http://www.vmware.com/support/policies/eos.html
VMware Infrastructure support life cycle policy http://www.vmware.com/support/policies/eos_vi.html
Copyright 2010 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (MingW32)
iEYEARECAAYFAkv/V8IACgkQS2KysvBH1xnqNgCcCwwelsQK6DQjcTc2wnIPp0EW E70An2gfkiCQ5FNqvf3y+kNredxyVZwI =JW3s -----END PGP SIGNATURE----- . Corrected: 2010-01-06 21:45:30 UTC (RELENG_8, 8.0-STABLE) 2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2) 2010-01-06 21:45:30 UTC (RELENG_7, 7.2-STABLE) 2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6) 2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10) 2010-01-06 21:45:30 UTC (RELENG_6, 6.4-STABLE) 2010-01-06 21:45:30 UTC (RELENG_6_4, 6.4-RELEASE-p9) 2010-01-06 21:45:30 UTC (RELENG_6_3, 6.3-RELEASE-p15) CVE Name: CVE-2009-3563
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit
II.
III.
IV. Workaround
Proper filtering of mode 7 NTP packets by a firewall can limit the number of systems used to attack your resources. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE, or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 6.3, 6.4, 7.1, 7.2, and 8.0 systems.
a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.
fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch
fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch.asc
b) Execute the following commands as root:
cd /usr/src
patch < /path/to/patch
cd /usr/src/usr.sbin/ntp/ntpd
make obj && make depend && make && make install
/etc/rc.d/ntpd restart
VI. Correction details
The following list contains the revision numbers of each file that was corrected in FreeBSD.
CVS:
Branch Revision Path
RELENG_6 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.2 RELENG_6_4 src/UPDATING 1.416.2.40.2.13 src/sys/conf/newvers.sh 1.69.2.18.2.15 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.1.2.1 RELENG_6_3 src/UPDATING 1.416.2.37.2.20 src/sys/conf/newvers.sh 1.69.2.15.2.19 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.20.1 RELENG_7 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.2 RELENG_7_2 src/UPDATING 1.507.2.23.2.9 src/sys/conf/newvers.sh 1.72.2.11.2.10 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.4.1 RELENG_7_1 src/UPDATING 1.507.2.13.2.13 src/sys/conf/newvers.sh 1.72.2.9.2.14 src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.2.1 RELENG_8 src/contrib/ntp/ntpd/ntp_request.c 1.2.2.1 RELENG_8_0 src/UPDATING 1.632.2.7.2.5 src/sys/conf/newvers.sh 1.83.2.6.2.5 src/contrib/ntp/ntpd/ntp_request.c 1.2.4.1
Subversion:
Branch/path Revision
stable/6/ r201679 releng/6.4/ r201679 releng/6.3/ r201679 stable/7/ r201679 releng/7.2/ r201679 releng/7.1/ r201679 stable/8/ r201679 releng/8.0/ r201679 head/ r200576
VII.
Release Date: 2011-03-28 Last Updated: 2011-03-24
Potential Security Impact: Remote Denial of Service (DoS)
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS).
References: CVE-2009-3563
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP-UX B.11.11, B.11.23, B.11.31 running XNTP.
BACKGROUND
CVSS 2.0 Base Metrics
Reference Base Vector Base Score CVE-2009-3563 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has provided the following patches to resolve this vulnerability. The patches are available by contacting HP Support.
http://itrc.hp.com
HP-UX Release / Patch ID
B.11.11 (11i v1) / PHNE_41907
B.11.23 (11i v2) / PHNE_41908
B.11.31 (11i v3) / PHNE_41177
MANUAL ACTIONS: No
PRODUCT SPECIFIC INFORMATION
HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa
The following text is for use by the HP-UX Software Assistant.
AFFECTED VERSIONS
HP-UX B.11.11
InternetSrvcs.INETSVCS-BOOT action: install patch PHNE_41907 or subsequent
HP-UX B.11.23
InternetSrvcs.INETSVCS2-BOOT action: install patch PHNE_41908 or subsequent
HP-UX B.11.31
NTP.NTP-RUN action: install patch PHNE_41177 or subsequent
END AFFECTED VERSIONS
HISTORY Version:1 (rev.1) 28 March 2011 Initial release
Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For further information, contact normal HP Services support channel.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. To get the security-alert PGP key, please send an e-mail message as follows: To: security-alert@hp.com Subject: get key Subscribe: To initiate a subscription to receive future HP Security Bulletins via Email: http://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA&langcode=USENG&jumpid=in_SC-GEN__driverITRC&topiccode=ITRC On the web page: ITRC security bulletins and patch sign-up Under Step1: your ITRC security bulletins and patches -check ALL categories for which alerts are required and continue. Under Step2: your ITRC operating systems -verify your operating system selections are checked and save.
To update an existing subscription: http://h30046.www3.hp.com/subSignIn.php Log in on the web page: Subscriber's choice for Business: sign-in. On the web page: Subscriber's Choice: your profile summary - use Edit Profile to update appropriate sections.
To review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do
- The Software Product Category that this Security Bulletin relates to is represented by the 5th and 6th characters of the Bulletin number in the title:
GN = HP General SW MA = HP Management Agents MI = Misc. 3rd Party SW MP = HP MPE/iX NS = HP NonStop Servers OV = HP OpenVMS PI = HP Printing & Imaging ST = HP Storage SW TL = HP Trusted Linux TU = HP Tru64 UNIX UX = HP-UX VV = HP VirtualVault
System management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions.
"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user's use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement."
Copyright 2009 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.
Workaround
There is no known workaround at this time.
Resolution
All NTP users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/ntp-4.2.4_p7-r1"
References
[ 1 ] CVE-2009-3563 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201001-01.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. The upgrade is available by downloading from software.hp.com -> HPUX 11i Software -> Internet ready and networking -> HP-UX Network Time Protocol version 4 or directly from https://h20392.www2.hp.com/portal/swdepot/displayP roductInfo.do?productNumber=HPUX-NTP Review the Installation link at the bottom of the page. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200912-0769", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "unified communications manager 5.1", "scope": null, "trust": 2.1, "vendor": "cisco", "version": null }, { "model": "ntp", "scope": "eq", "trust": 1.9, "vendor": "ntp", "version": "4.1.2" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.2.2p2" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.0.91" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.2.2p3" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.0.93" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.2.2p1" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.0.73" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.0.92" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.0.90" }, { "model": "ntp", "scope": "eq", "trust": 1.6, "vendor": "ntp", "version": "4.0.94" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.0.72" }, { "model": "ntp", "scope": "lte", "trust": 1.0, "vendor": "ntp", "version": "4.2.2p4" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.0.96" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.0.99" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.0.97" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.2.2" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.2.0" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.0.95" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.2.5" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.0.98" }, { "model": "ntp", "scope": "eq", "trust": 1.0, "vendor": "ntp", "version": "4.1.0" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "apple", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "cisco", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "debian gnu linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "gentoo linux", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "meinberg funkuhren", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "qnx", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "red hat", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "sun microsystems", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "the sco group", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": "ubuntu", "version": null }, { "model": "sparc", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "sun solaris", "scope": null, "trust": 0.8, "vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "aix", "scope": null, "trust": 0.8, "vendor": "ibm", "version": null }, { "model": "asianux server", "scope": null, "trust": 0.8, "vendor": "\u30b5\u30a4\u30d0\u30fc\u30c8\u30e9\u30b9\u30c8\u682a\u5f0f\u4f1a\u793e", "version": null }, { "model": "red hat enterprise linux", "scope": null, "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": null }, { "model": "securebranch", "scope": null, "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": null }, { "model": "ntp", "scope": null, "trust": 0.8, "vendor": "ntp", "version": null }, { "model": "hp tru64 unix", "scope": null, "trust": 0.8, "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9", "version": null }, { "model": "netshelter\u30b7\u30ea\u30fc\u30ba", "scope": null, "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "ip8800/s,/r", "scope": null, "trust": 0.8, "vendor": "\u65e5\u672c\u96fb\u6c17", "version": null }, { "model": "ipcom\u30b7\u30ea\u30fc\u30ba", "scope": null, "trust": 0.8, "vendor": "\u5bcc\u58eb\u901a", "version": null }, { "model": "netra sparc", "scope": null, "trust": 0.8, "vendor": "\u30aa\u30e9\u30af\u30eb", "version": null }, { "model": "red hat enterprise linux desktop", "scope": null, "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": null }, { "model": "hp-ux", "scope": null, "trust": 0.8, "vendor": "\u30d2\u30e5\u30fc\u30ec\u30c3\u30c8 \u30d1\u30c3\u30ab\u30fc\u30c9", "version": null }, { "model": "red hat enterprise linux eus", "scope": null, "trust": 0.8, "vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8", "version": null }, { "model": "opensolaris", "scope": null, "trust": 0.8, "vendor": "\u30b5\u30f3 \u30de\u30a4\u30af\u30ed\u30b7\u30b9\u30c6\u30e0\u30ba", "version": null }, { "model": "unified communications manager su1", "scope": "eq", "trust": 0.6, "vendor": "cisco", "version": "6.1" }, { "model": "unified callmanager 4.3 sr1a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "opensolaris build snv 131", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "unified meetingplace express", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "opensolaris build snv 95", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "-release-p2", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "opensolaris build snv 54", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 93", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "tcp/ip services for openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.4" }, { "model": "networks enterprise voip tm-cs1000", "scope": null, "trust": 0.3, "vendor": "nortel", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1.1" }, { "model": "netbsd", "scope": "eq", "trust": 0.3, "vendor": "netbsd", "version": "4.0" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.3" }, { "model": "rtos", "scope": "eq", "trust": 0.3, "vendor": "qnx", "version": "6.1" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.0.3" }, { "model": "ace appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "opensolaris build snv 121", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.5" }, { "model": "big-ip application security manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.7" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.0.5" }, { "model": "opensolaris build snv 99", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "15.0" }, { "model": "rtos", "scope": "eq", "trust": 0.3, "vendor": "qnx", "version": "6.3.2" }, { "model": "unified callmanager 4.1 sr5", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "netbsd", "scope": "eq", "trust": 0.3, "vendor": "netbsd", "version": "4.0.2" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.7" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2.2" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.6.1" }, { "model": "solaris 8 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.3" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "unified callmanager 3.3 sr2a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "aura system platform", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "6.0" }, { "model": "opensolaris build snv 100", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 124", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 123", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.0" }, { "model": "big-ip build", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.2413.1" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "opensolaris build snv 49", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "-release-p5", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.0.17" }, { "model": "opensolaris build snv 114", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "9.1" }, { "model": "opensolaris build snv 128", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 85", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 19", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "nexus", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "70000" }, { "model": "opensolaris build snv 107", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "wireless location appliance", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "opensolaris build snv 45", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "-prerelease", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "unified communications", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5000" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "meeting exchange sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "14.1" }, { "model": "vma", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "opensolaris build snv 78", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "opensolaris build snv 108", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "rtos", "scope": "ne", "trust": 0.3, "vendor": "qnx", "version": "6.4.2" }, { "model": "opensolaris build snv 28", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "big-ip application security manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.8" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.2" }, { "model": "unified callmanager sr5c", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.3" }, { "model": "unified callmanager 3.3 sr2b", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "opensolaris build snv 89", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "6.3-release-p10", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "1.0" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.6" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0" }, { "model": "opensolaris build snv 39", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "message networking mn", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "-release-p8", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "p1", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "14.0" }, { "model": "opensolaris build snv 90", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 68", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "unified communications manager 7.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.3" }, { "model": "tcp/ip services for openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.5" }, { "model": "6.3-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "opensolaris build snv 67", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 120", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 51", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "7.2-rc2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.6" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.1(3)" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0(1)" }, { "model": "7.0-release-p12", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified callmanager 4.1 sr8a", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.1" }, { "model": "unified callmanager 4.3 sr1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "aura system platform sp1.1", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "rtos", "scope": "eq", "trust": 0.3, "vendor": "qnx", "version": "6.2.1" }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "opensolaris build snv 77", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 61", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "7.1-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "opensolaris build snv 82", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "7.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "opensolaris build snv 29", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "meeting exchange sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "opensolaris build snv 41", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "big-ip application security manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.5" }, { "model": "ace xml gateway", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "multi network firewall", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "2.0" }, { "model": "unified callmanager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.0" }, { "model": "opensolaris build snv 126", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "7.2-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "esxi server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "3.5" }, { "model": "netbsd", "scope": "eq", "trust": 0.3, "vendor": "netbsd", "version": "5.0.1" }, { "model": "7.1-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "7.0-release-p8", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "voice portal sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "1" }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "opensolaris build snv 35", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "tcp/ip services for openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.6" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.0(2)" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.2" }, { "model": "unified callmanager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0(4)" }, { "model": "ctpos 6.6r2", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "intuity audix lx sp2", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "enterprise linux desktop version", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "mds", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "95000" }, { "model": "unified callmanager 3.3 sr3", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "tcp/ip services for openvms i64", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.5" }, { "model": "unified callmanager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "opensolaris build snv 130", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "7.1-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "enterprise linux desktop client", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "opensolaris build snv 105", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "unified communications manager 6.1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "-pre-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.0.19" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "messaging storage server", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "unified callmanager 4.1 sr4", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.1(2)" }, { "model": "opensolaris build snv 88", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "8.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "unified communications manager 7.1 su1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "sparc t3-1b", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "unified callmanager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.0" }, { "model": "unified callmanager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "0" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "netbsd", "scope": "eq", "trust": 0.3, "vendor": "netbsd", "version": "5.0" }, { "model": "unified callmanager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0(3)" }, { "model": "cms server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "16.0" }, { "model": "opensolaris build snv 111", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.2" }, { "model": "opensolaris build snv 118", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "opensolaris build snv 59", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "7.2-prerelease", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "8.1" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.0.18" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.1" }, { "model": "opensolaris build snv 112", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "corporate server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "sparc t3-2", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "4.0" }, { "model": "7.2-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.0" }, { "model": "solaris 8 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1(3)" }, { "model": "p8", "scope": "ne", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "solaris 10 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 96", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "rtos", "scope": "eq", "trust": 0.3, "vendor": "qnx", "version": "6.4" }, { "model": "tcp/ip services for openvms alpha", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.7" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "appliance platform linux service", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "1" }, { "model": "netra sparc t3-1b", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1(4)" }, { "model": "linux alpha", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "-release-p3", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "opensolaris build snv 132", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "rtos", "scope": "eq", "trust": 0.3, "vendor": "qnx", "version": "6.3" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "opensolaris build snv 36", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "opensolaris build snv 48", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2.1" }, { "model": "linux enterprise server", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "9" }, { "model": "-release-p1", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.1" }, { "model": "tcp/ip services for openvms i64", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.4" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.3" }, { "model": "opensolaris build snv 94", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "unified communications manager 4.3 sr1b", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "esx server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "unified callmanager 4.1 sr7", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "-release-p6", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "opensolaris build snv 50", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "rtos update patch a", "scope": "eq", "trust": 0.3, "vendor": "qnx", "version": "6.2" }, { "model": "unified callmanager 4.2 sr4b", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "8.0-stable", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1" }, { "model": "7.1-release-p6", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.0.1" }, { "model": "-release-p9", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "corporate server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "3.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "wide area application services 4.1.1b", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified communications manager sr4", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "enterprise server x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "10.0" }, { "model": "aura communication manager", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.6" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1.4" }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.1" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.4" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.9" }, { "model": "opensolaris build snv 01", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "message networking", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "opensolaris build snv 92", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "2" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.1.1" }, { "model": "rtos", "scope": "eq", "trust": 0.3, "vendor": "qnx", "version": "4.25" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.0.2" }, { "model": "opensolaris build snv 83", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.1" }, { "model": "opensolaris build snv 106", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "6.4-release-p2", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "opensolaris build snv 125", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "7.0-release-p3", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "-stable", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "telepresence readiness assessment manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "1.0" }, { "model": "netbsd", "scope": "eq", "trust": 0.3, "vendor": "netbsd", "version": "4.0.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "9.0" }, { "model": "enterprise server", "scope": "eq", "trust": 0.3, "vendor": "mandrakesoft", "version": "5" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.0.9" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0.2" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.3.1" }, { "model": "idp 5.1r4", "scope": "ne", "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "messaging storage server", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "pardus", "version": "20080" }, { "model": "enterprise linux es", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "meeting exchange", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "6.4-release-p4", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "opensolaris build snv 76", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1(2)" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3" }, { "model": "proactive contact", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "7.0-release", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "opensolaris build snv 101a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "opensolaris build snv 111a", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 87", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2010.0" }, { "model": "opensolaris build snv 113", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux mandrake", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2009.0" }, { "model": "opensolaris build snv 57", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "-releng", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "unified communication manager business edition", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.0.4" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0.x" }, { "model": "meetingplace", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "appliance platform linux service", "scope": "eq", "trust": 0.3, "vendor": "rpath", "version": "2" }, { "model": "opensolaris build snv 119", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.0.13" }, { "model": "linux lts sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.2" }, { "model": "opensolaris build snv 110", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "unified communications manager 4.2 sr2", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "opensolaris build snv 71", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.1" }, { "model": "linux lts lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.8" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "sparc t3-4", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "rtos", "scope": "eq", "trust": 0.3, "vendor": "qnx", "version": "6.4.1" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.3(2)" }, { "model": "unified communications manager 4.3 sr1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "telepresence recording server", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "unified callmanager 5.0", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "enterprise linux as", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "unified callmanager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.1" }, { "model": "unified callmanager 5.0 su1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified callmanager 4.1 sr8", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "big-ip application security manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.3" }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "opensolaris build snv 122", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "tcp/ip services for openvms i64", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.6" }, { "model": "big-ip application security manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.6" }, { "model": "hp-ux b.11.31", "scope": null, "trust": 0.3, "vendor": "hp", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "opensolaris build snv 109", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.2.5" }, { "model": "linux hppa", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "digital media player", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "opensolaris build snv 102", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "solaris 9 sparc", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 02", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "unified callmanager sr5b", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.1" }, { "model": "6.0-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux mipsel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.2.2" }, { "model": "4.2.0.a", "scope": null, "trust": 0.3, "vendor": "ntp", "version": null }, { "model": "opensolaris build snv 80", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "opensolaris build snv 104", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "ip interoperability \u0026 communications system ipics", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "netra sparc t3-1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "opensolaris build snv 56", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 38", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "unified communications manager sr2b", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "rtos", "scope": "eq", "trust": 0.3, "vendor": "qnx", "version": "6.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "12.0" }, { "model": "sparc t3-1", "scope": "eq", "trust": 0.3, "vendor": "sun", "version": "0" }, { "model": "opensolaris build snv 129", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "rtos sp3", "scope": "eq", "trust": 0.3, "vendor": "qnx", "version": "6.3.0" }, { "model": "aura application enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "5.2" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "10.0" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.0" }, { "model": "unified callmanager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0(2)" }, { "model": "intuity audix lx r1.1", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "6.06" }, { "model": "beta4", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "7.0" }, { "model": "rtos", "scope": "eq", "trust": 0.3, "vendor": "qnx", "version": "2.4" }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "7.1" }, { "model": "-release", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.4" }, { "model": "unified callmanager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "3.3" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "6.1.2" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "intuity audix lx", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "1.0" }, { "model": "linux lts powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.04" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.2.3.30" }, { "model": "tcp/ip services for openvms i64", "scope": "eq", "trust": 0.3, "vendor": "hp", "version": "5.7" }, { "model": "7.2-release-p1", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "big-ip application security manager", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.4.4" }, { "model": "opensolaris build snv 84", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "11.0" }, { "model": "intuity audix lx sp1", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "linux enterprise server sp2", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "messaging storage server mm3.0", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "ace application control engine", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "47000" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.1" }, { "model": "opensolaris build snv 98", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 117", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 133", "scope": "ne", "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 58", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "aura sip enablement services", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.0" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.2.3" }, { "model": "opensolaris build snv 86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "nexus", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50000" }, { "model": "opensolaris build snv 22", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.10" }, { "model": "opensolaris build snv 81", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "message networking", "scope": null, "trust": 0.3, "vendor": "avaya", "version": null }, { "model": "opensolaris build snv 103", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "esxi server", "scope": "eq", "trust": 0.3, "vendor": "vmware", "version": "4.0" }, { "model": "unified callmanager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0" }, { "model": "ctpos 6.6r1", "scope": null, "trust": 0.3, "vendor": "juniper", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.1(1)" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "7.0-release-p11", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "beta2", "scope": "eq", "trust": 0.3, "vendor": "netbsd", "version": "4.0" }, { "model": "opensolaris build snv 13", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "unified communications manager 4.3 sr.1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1(1)" }, { "model": "unified callmanager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "5.0(1)" }, { "model": "enterprise linux server", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "5" }, { "model": "p4", "scope": "eq", "trust": 0.3, "vendor": "ntp", "version": "4.2.2" }, { "model": "big-ip", "scope": "eq", "trust": 0.3, "vendor": "f5", "version": "9.0" }, { "model": "opensolaris build snv 91", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "unified communications manager 7.0 su1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "unified communications manager", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "6.1(2)" }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "4.1" }, { "model": "opensolaris build snv 47", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 64", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "aix", "scope": "eq", "trust": 0.3, "vendor": "ibm", "version": "5.3.10" }, { "model": "opensolaris build snv 37", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 101", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "unified communications manager sr3", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.2" }, { "model": "opensolaris build snv 115", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "voice portal", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "3.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "linux armel", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "4.0" }, { "model": "enterprise linux ws", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3" }, { "model": "solaris 10 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "desktop", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "3.0" }, { "model": "linux lpia", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "8.10" }, { "model": "freebsd", "scope": "eq", "trust": 0.3, "vendor": "freebsd", "version": "6.3" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "9.04" }, { "model": "linux mandrake x86 64", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "2008.0" }, { "model": "intuity audix lx", "scope": "eq", "trust": 0.3, "vendor": "avaya", "version": "2.0" }, { "model": "solaris 9 x86", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "unified meetingplace", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "0" }, { "model": "wide area application services", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "4.0.7" }, { "model": "opensolaris build snv 116", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "opensolaris build snv 127", "scope": null, "trust": 0.3, "vendor": "sun", "version": null }, { "model": "idp", "scope": "eq", "trust": 0.3, "vendor": "juniper", "version": "5.1" }, { "model": "6.4-releng", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null }, { "model": "linux m68k", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "unified callmanager 4.2 sr1", "scope": null, "trust": 0.3, "vendor": "cisco", "version": null }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "5.0" }, { "model": "6.4-release-p5", "scope": null, "trust": 0.3, "vendor": "freebsd", "version": null } ], "sources": [ { "db": "CERT/CC", "id": "VU#568372" }, { "db": "BID", "id": "37255" }, { "db": "JVNDB", "id": "JVNDB-2009-002446" }, { "db": "CNNVD", "id": "CNNVD-200912-113" }, { "db": "NVD", "id": "CVE-2009-3563" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ntp:ntp:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "4.2.2p4", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.98:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.72:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.90:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.96:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.93:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.99:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.95:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2p3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2p2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.92:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.73:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.97:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.91:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.2.2p1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:ntp:ntp:4.0.94:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2009-3563" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Statement Date:\u00a0\u00a0 January 17, 2024", "sources": [ { "db": "CERT/CC", "id": "VU#417980" } ], "trust": 0.8 }, "cve": "CVE-2009-3563", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.4, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2009-3563", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2009-3563", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-200912-113", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2009-3563", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2009-3563" }, { "db": "JVNDB", "id": "JVNDB-2009-002446" }, { "db": "CNNVD", "id": "CNNVD-200912-113" }, { "db": "NVD", "id": "CVE-2009-3563" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. A novel traffic-loop vulnerability has been identified against certain implementations of UDP-based applications protocols. An unauthenticated attacker can use maliciously-crafted packets against a UDP-based vulnerable implementation of application protocols (e.g., DNS, NTP, TFTP) that can lead to Denial-of-Service (DOS) and/or abuse of resources.CVE-2009-3563 Unknown\nCVE-2024-1309 Unknown\nCVE-2024-2169 AffectedCVE-2009-3563 Unknown\nCVE-2024-1309 Unknown\nCVE-2024-2169 Affected. NTP for, mode 7 A vulnerability exists due to packet processing. NTP Then \"restrict ... noquery\" or \"restrict ... ignore\" There are no restrictions due to the settings of IP From the address, an invalid mode 7 request or mode 7 If you receive an error response, mode 7 Returns and logs the error message. NTP The sender address was spoofed. mode 7 A vulnerability exists due to packet processing.Service operation obstruction by a remote third party (DoS) You may be attacked. NTP is prone to a remote denial-of-service vulnerability because it fails to properly handle certain incoming network packets. \nAn attacker can exploit this issue to cause the application to consume excessive CPU resources and fill disk space with log messages. ntpd logged information about\n all such packets and replied with an NTP packet that was treated as\n malformed when received by another ntpd. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.0:\n 7377623e9f89c5f6f6cc7af577974458 2008.0/i586/ntp-4.2.4-10.3mdv2008.0.i586.rpm\n 977fdaf289c9eff53fb6d563b8a60ede 2008.0/i586/ntp-client-4.2.4-10.3mdv2008.0.i586.rpm\n e2701dc192a578b141f9408d355522b6 2008.0/i586/ntp-doc-4.2.4-10.3mdv2008.0.i586.rpm \n 167e3a9dbf1bd10fd576e6a91a2cbc10 2008.0/SRPMS/ntp-4.2.4-10.3mdv2008.0.src.rpm\n\n Mandriva Linux 2008.0/X86_64:\n 4fa28ef04548ded3dc604ea61a671cc5 2008.0/x86_64/ntp-4.2.4-10.3mdv2008.0.x86_64.rpm\n b79353be7c2da1fadf3bc55c2c06a6a6 2008.0/x86_64/ntp-client-4.2.4-10.3mdv2008.0.x86_64.rpm\n c93dd45fc32ece044874c09aac85ce66 2008.0/x86_64/ntp-doc-4.2.4-10.3mdv2008.0.x86_64.rpm \n 167e3a9dbf1bd10fd576e6a91a2cbc10 2008.0/SRPMS/ntp-4.2.4-10.3mdv2008.0.src.rpm\n\n Mandriva Linux 2009.0:\n 6a38837b845970b62520f48273362485 2009.0/i586/ntp-4.2.4-18.5mdv2009.0.i586.rpm\n 4f9d98a186c4ca4348f8296fde0bf174 2009.0/i586/ntp-client-4.2.4-18.5mdv2009.0.i586.rpm\n 0ae26de5f1bddba4c2718a55463d94b7 2009.0/i586/ntp-doc-4.2.4-18.5mdv2009.0.i586.rpm \n 45b55bdbde84289b20e295b9dbf188fb 2009.0/SRPMS/ntp-4.2.4-18.5mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n e31f3f71e730e5777d9832cd76430b17 2009.0/x86_64/ntp-4.2.4-18.5mdv2009.0.x86_64.rpm\n 67a998da616d287fe9e15092bbd45ff6 2009.0/x86_64/ntp-client-4.2.4-18.5mdv2009.0.x86_64.rpm\n ab02dd7a3457f0ba75248390827c69a4 2009.0/x86_64/ntp-doc-4.2.4-18.5mdv2009.0.x86_64.rpm \n 45b55bdbde84289b20e295b9dbf188fb 2009.0/SRPMS/ntp-4.2.4-18.5mdv2009.0.src.rpm\n\n Mandriva Linux 2009.1:\n b6597f0ee96ec99c7ddbe5e18a588e48 2009.1/i586/ntp-4.2.4-22.3mdv2009.1.i586.rpm\n 069667f851886c39daa0309a5e920619 2009.1/i586/ntp-client-4.2.4-22.3mdv2009.1.i586.rpm\n 9d5b87f008f00ad30b3c652e5f62eea2 2009.1/i586/ntp-doc-4.2.4-22.3mdv2009.1.i586.rpm \n e2686dd1237f529bb08f2837052fb46f 2009.1/SRPMS/ntp-4.2.4-22.3mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n e88121b38c942c572b61ba7631130104 2009.1/x86_64/ntp-4.2.4-22.3mdv2009.1.x86_64.rpm\n c10eaf7ecbeb3b5db5eac978cb2ae78e 2009.1/x86_64/ntp-client-4.2.4-22.3mdv2009.1.x86_64.rpm\n 8ff34e79ed1f88fa2e7b7e8030232a30 2009.1/x86_64/ntp-doc-4.2.4-22.3mdv2009.1.x86_64.rpm \n e2686dd1237f529bb08f2837052fb46f 2009.1/SRPMS/ntp-4.2.4-22.3mdv2009.1.src.rpm\n\n Mandriva Linux 2010.0:\n 2913258a9be65654a3ce5e16c1bd5b25 2010.0/i586/ntp-4.2.4-27.1mdv2010.0.i586.rpm\n 90cf8d7f8fb468461f8b8baf7d97daa4 2010.0/i586/ntp-client-4.2.4-27.1mdv2010.0.i586.rpm\n 0b8527559ef05049461cea2f5a83bd6d 2010.0/i586/ntp-doc-4.2.4-27.1mdv2010.0.i586.rpm \n 7bbd4271086ace434dd8a958bc7c2488 2010.0/SRPMS/ntp-4.2.4-27.1mdv2010.0.src.rpm\n\n Mandriva Linux 2010.0/X86_64:\n 2e938e58d48f3f581ffaab085dacc1f2 2010.0/x86_64/ntp-4.2.4-27.1mdv2010.0.x86_64.rpm\n cde3421867c549169751f2964420a578 2010.0/x86_64/ntp-client-4.2.4-27.1mdv2010.0.x86_64.rpm\n d9799e7286a49420699d3995e8bc1e47 2010.0/x86_64/ntp-doc-4.2.4-27.1mdv2010.0.x86_64.rpm \n 7bbd4271086ace434dd8a958bc7c2488 2010.0/SRPMS/ntp-4.2.4-27.1mdv2010.0.src.rpm\n\n Corporate 3.0:\n 65dda36544e7a43175abfd64aa725b34 corporate/3.0/i586/ntp-4.2.0-2.4.C30mdk.i586.rpm \n a485cad0631598335af0e89ea399ff9d corporate/3.0/SRPMS/ntp-4.2.0-2.4.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n 44130a38552f20b3f34d176c47aa5aab corporate/3.0/x86_64/ntp-4.2.0-2.4.C30mdk.x86_64.rpm \n a485cad0631598335af0e89ea399ff9d corporate/3.0/SRPMS/ntp-4.2.0-2.4.C30mdk.src.rpm\n\n Corporate 4.0:\n a2f5a598865d390f7c537fc9e1a9a758 corporate/4.0/i586/ntp-4.2.0-21.7.20060mlcs4.i586.rpm\n f7eb3884bc0aa71f8237d9500d24489e corporate/4.0/i586/ntp-client-4.2.0-21.7.20060mlcs4.i586.rpm \n d2ed46d981570f66763f85c822b14179 corporate/4.0/SRPMS/ntp-4.2.0-21.7.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 1bd4395c9c80b583bad4ce5085c0d557 corporate/4.0/x86_64/ntp-4.2.0-21.7.20060mlcs4.x86_64.rpm\n 95f812f672cf79fccee411154c23d6ee corporate/4.0/x86_64/ntp-client-4.2.0-21.7.20060mlcs4.x86_64.rpm \n d2ed46d981570f66763f85c822b14179 corporate/4.0/SRPMS/ntp-4.2.0-21.7.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n 16e3975f3e4bb9a830eb1e8166f2fec7 mes5/i586/ntp-4.2.4-18.5mdvmes5.i586.rpm\n 2af9623d6f3685d54dd4db31f9622f7a mes5/i586/ntp-client-4.2.4-18.5mdvmes5.i586.rpm\n 5abb771d456b4094d123c5cf24701aee mes5/i586/ntp-doc-4.2.4-18.5mdvmes5.i586.rpm \n 086a05988392a6602c023f4e453bcc32 mes5/SRPMS/ntp-4.2.4-18.5mdvmes5.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 9b40b186bf9ebeb70c1350f9a158ac92 mes5/x86_64/ntp-4.2.4-18.5mdvmes5.x86_64.rpm\n f4a42229dc9b408b04f0c83aa3a25720 mes5/x86_64/ntp-client-4.2.4-18.5mdvmes5.x86_64.rpm\n 2022447e5d9dbf6ee1a6e594935b1d04 mes5/x86_64/ntp-doc-4.2.4-18.5mdvmes5.x86_64.rpm \n 086a05988392a6602c023f4e453bcc32 mes5/SRPMS/ntp-4.2.4-18.5mdvmes5.src.rpm\n\n Multi Network Firewall 2.0:\n 56a2596fd513295f0700508c08a6a3da mnf/2.0/i586/ntp-4.2.0-2.4.C30mdk.i586.rpm \n f8218643f02c3168e0331852630835a0 mnf/2.0/SRPMS/ntp-4.2.0-2.4.C30mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFLHtsAmqjQ0CJFipgRAi1pAKDUH87qI312n3XHGnl4TgVNC+IuvACbBhUw\nnLO5FqSyfvZaqSNZ93vTSUw=\n=XCg1\n-----END PGP SIGNATURE-----\n. \n\nProduct/Patch kit\n ITRC Download Location\n MD5 and SHA1 Checksum\n\nHP Tru64 UNIX v 5.1B-4 PK6 (BL27)\n T64KIT1001787-V51BB27-ES-20100817\n http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001787-V51BB27-ES-20100817\n MD5 results: 2b3a21a96b7855d9ca223f483bd5bfed\n SHA1 results: ac2221c9d025008b258ac8592a210e16e775fbcf\n\nHP Tru64 UNIX v 5.1B-5 PK7 (BL28)\n T64KIT1001786-V51BB28-ES-20100816\n http://www13.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT1001786-V51BB28-ES-20100816\n MD5 results: b34d028797577408d565da27d93c30a9\n SHA1 results: b34d028797577408d565da27d93c30a9\n\nNote:\nThe patch kit installation instructions and the Patch Summary and Release Notes documents provide patch kit installation and removal instructions and a summary of each patch. Please read these documents prior to installing patches. ===========================================================\nUbuntu Security Notice USN-867-1 December 08, 2009\nntp vulnerability\nCVE-2009-3563\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\nUbuntu 8.04 LTS\nUbuntu 8.10\nUbuntu 9.04\nUbuntu 9.10\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n ntp 1:4.2.0a+stable-8.1ubuntu6.3\n ntp-server 1:4.2.0a+stable-8.1ubuntu6.3\n\nUbuntu 8.04 LTS:\n ntp 1:4.2.4p4+dfsg-3ubuntu2.3\n\nUbuntu 8.10:\n ntp 1:4.2.4p4+dfsg-6ubuntu2.4\n\nUbuntu 9.04:\n ntp 1:4.2.4p4+dfsg-7ubuntu5.2\n\nUbuntu 9.10:\n ntp 1:4.2.4p6+dfsg-1ubuntu5.1\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes. \n\nDetails follow:\n\nRobin Park and Dmitri Vinokurov discovered a logic error in ntpd. \n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.diff.gz\n Size/MD5: 262833 1fdb567debfe1ce10ffc44ec492d4aa5\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.dsc\n Size/MD5: 872 a6f59fefbf4050684aa38de8b24c54b3\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable.orig.tar.gz\n Size/MD5: 2272395 30f8b3d5b970c14dce5c6d8c922afa3e\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.0a+stable-8.1ubuntu6.3_all.deb\n Size/MD5: 891204 35969710cca05eabef8399e53de0bdb5\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_amd64.deb\n Size/MD5: 35022 cf299ac36cb52399b7b80a7aa6b00c77\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_amd64.deb\n Size/MD5: 136402 14d2d9f6ec9a8f4edb2d674538b642a8\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_amd64.deb\n Size/MD5: 270524 05dfaa4fdf895ebfdf61ee43d97ef9c6\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_amd64.deb\n Size/MD5: 47932 ee2a72cdc8d20e545443bbcf086c6f82\n http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_amd64.deb\n Size/MD5: 224268 d9daac981b2dd6d16d69d4bfc0f1d4bf\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_i386.deb\n Size/MD5: 33926 4a79ecdb4d1fa3d407fca23c00292a9d\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_i386.deb\n Size/MD5: 121710 77db2cb6c9daa84d6174fbe277a96c44\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_i386.deb\n Size/MD5: 256764 7aeb8e664a3ff16608fc880a108a8645\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_i386.deb\n Size/MD5: 44598 1e3067b9f7fee43a3f0b18ec9d4b356b\n http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_i386.deb\n Size/MD5: 198516 a0066ee286571189f7f6099bd8a2c220\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb\n Size/MD5: 37162 3b19f883b00809d36ae9bd79114955c1\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb\n Size/MD5: 135184 d1419b2d9aff1392c78bab2911114c2a\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb\n Size/MD5: 271468 856ffca2e1d79bfd730aec3bcc1ce497\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb\n Size/MD5: 49266 2cee0d14d9d1deafb78b26041d1ed05a\n http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb\n Size/MD5: 222168 42ef5dfaddb9e1fe9b9933119cdbe9ab\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_sparc.deb\n Size/MD5: 34428 09539a35a435d11f12ed9f5bd9534771\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_sparc.deb\n Size/MD5: 126814 8e2066b695d32e08355bfdc0f571c705\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_sparc.deb\n Size/MD5: 261652 1e4142216eb7ff527ce1f59b2ad2d0af\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_sparc.deb\n Size/MD5: 46790 7d456f67bea9e6c3f2452a5d6a847f67\n http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_sparc.deb\n Size/MD5: 207566 433dca719ea61cca73b993a530299fae\n\nUpdated packages for Ubuntu 8.04 LTS:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.diff.gz\n Size/MD5: 287172 dfb60aa2cd60f61907856f5b50c8fc46\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.dsc\n Size/MD5: 1046 251a7ead6fcf835535176b89ed7cc3d4\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz\n Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-3ubuntu2.3_all.deb\n Size/MD5: 928116 28eb96c89717c9fdfe39b3f140428484\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb\n Size/MD5: 477388 bc91b335e5963954d4284d0b57b37c40\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb\n Size/MD5: 65194 185195f8e2df78f7dfbba5b88be482ce\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_i386.deb\n Size/MD5: 432592 0ec673d7b4507cb992091a7b63007826\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_i386.deb\n Size/MD5: 61224 fbf4533c390ea05b7149e370815983e1\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb\n Size/MD5: 435450 1be0d440cf6bcf5048139c856b85106b\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb\n Size/MD5: 61184 a1b2a4c34beee7210e322b2f05d94095\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb\n Size/MD5: 490538 e6adb5a7bde67fc04b543664e6ef748f\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb\n Size/MD5: 66780 35b709a20016e07b383362610ae2b45a\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb\n Size/MD5: 442346 212fc209067ce419756fa2d6f486fd33\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb\n Size/MD5: 61964 7937872f5231323d82c98f0ace751a79\n\nUpdated packages for Ubuntu 8.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.diff.gz\n Size/MD5: 305723 ea6556c8f4053f2abd79e4cf96633a65\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.dsc\n Size/MD5: 1555 fa669b54aac2751215e1fbac226bf51e\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz\n Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-6ubuntu2.4_all.deb\n Size/MD5: 928754 eaa802a30b795ce27417c0f8fd612564\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb\n Size/MD5: 487270 83aef0ae73d841ca98c1aff95b68b974\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb\n Size/MD5: 66118 b1d338d727c1fbb479a0298e67cf920c\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_i386.deb\n Size/MD5: 442316 9441f50fefcd831651417c8e66353769\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_i386.deb\n Size/MD5: 62320 67f26e8efd2233911b3ee5d5c779da52\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb\n Size/MD5: 441714 cc6ffa5cf9f82b707ebf77291c0c7c2b\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb\n Size/MD5: 62086 d4c4d6efa2ae6c85b400d73bd39cac8d\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb\n Size/MD5: 491332 f4016ec402c0665df5241555af9a04ed\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb\n Size/MD5: 67198 47c3dd10eae821a9d1abcf77a85d6651\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb\n Size/MD5: 449572 4a168bf44988c1da63a39bd14b17b682\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb\n Size/MD5: 62834 0ae1f43f7f327de4ab787c911f0fd1ca\n\nUpdated packages for Ubuntu 9.04:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.diff.gz\n Size/MD5: 306032 90b99d80d9e52e4db7e30b96002834b4\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.dsc\n Size/MD5: 1556 b6f57df7732c6fd3a29de6d4c65c421d\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz\n Size/MD5: 2835029 dc2b3ac9cc04b0f29df35467514c9884\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-7ubuntu5.2_all.deb\n Size/MD5: 929066 4230567b7ef012596cd5e291df13df76\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb\n Size/MD5: 487628 3789b894fe98014ed8b62fc910088d2a\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb\n Size/MD5: 66442 b43e6e46f0c035961fa2e382bd883fe2\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_i386.deb\n Size/MD5: 442634 efaf8cc0f84114fe6d426827f22e3db4\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_i386.deb\n Size/MD5: 62642 7c9ce030867f9809b49634bdcc2a57a3\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb\n Size/MD5: 442086 4dd3ea7d09c746a592b0b622f4fcb753\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb\n Size/MD5: 62410 77fa9c143489ea55da37adcd9f268e6b\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb\n Size/MD5: 491526 d04d12ed5ebc7968a90894d92ca094c6\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb\n Size/MD5: 67530 55cffc037f6a88b24abd399925e700c3\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb\n Size/MD5: 449666 7dbdc0aa05e90a9363dfcae003c3e531\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb\n Size/MD5: 63156 4647b041df35cabb86fb0789e3a083ce\n\nUpdated packages for Ubuntu 9.10:\n\n Source archives:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.diff.gz\n Size/MD5: 344395 26dd6961151053346b36474a18d6412f\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.dsc\n Size/MD5: 1575 c86cc4fe026ee6830d6564cabeaedc61\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg.orig.tar.gz\n Size/MD5: 2836728 bddc66cdc7c35c0cb22cc84cad770c65\n\n Architecture independent packages:\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p6+dfsg-1ubuntu5.1_all.deb\n Size/MD5: 931324 bcc11545b9399ca7e09268a85fd6eabf\n\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb\n Size/MD5: 529994 c766915925a1cccbd27332232a45e016\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb\n Size/MD5: 70098 968cdde0e47a775cf13b922c7f2308f5\n\n i386 architecture (x86 compatible Intel/AMD):\n\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_i386.deb\n Size/MD5: 490892 83e3785020b3cb659b6559cb51632333\n http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_i386.deb\n Size/MD5: 66770 34bd54ff829c032049dc8d7340984b4c\n\n lpia architecture (Low Power Intel Architecture):\n\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb\n Size/MD5: 487552 f7ad919e64533aed59112c2fe5c49fd9\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb\n Size/MD5: 66316 4a2cd9cdf5cfa46ad3784c37f7c29502\n\n powerpc architecture (Apple Macintosh G3/G4/G5):\n\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb\n Size/MD5: 528880 401e4a455acdf2a14c5f556e8cae1911\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb\n Size/MD5: 69390 9e0e3535fbe3ffe61be245ddd22e5d6c\n\n sparc architecture (Sun SPARC/UltraSPARC):\n\n http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb\n Size/MD5: 499646 6059b8a5f9f216b8de00eed901af902e\n http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb\n Size/MD5: 67272 8d04c1e93ca4acd7a4eaac04008326b3\n\n\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n VMware Security Advisory\n\nAdvisory ID: VMSA-2010-0009\nSynopsis: ESXi ntp and ESX Service Console third party updates\nIssue date: 2010-05-27\nUpdated on: 2010-05-27 (initial release of advisory)\nCVE numbers: CVE-2009-2695 CVE-2009-2908 CVE-2009-3228\n CVE-2009-3286 CVE-2009-3547 CVE-2009-3613\n CVE-2009-3612 CVE-2009-3620 CVE-2009-3621\n CVE-2009-3726 CVE-2007-4567 CVE-2009-4536\n CVE-2009-4537 CVE-2009-4538 CVE-2006-6304\n CVE-2009-2910 CVE-2009-3080 CVE-2009-3556\n CVE-2009-3889 CVE-2009-3939 CVE-2009-4020\n CVE-2009-4021 CVE-2009-4138 CVE-2009-4141\n CVE-2009-4272 CVE-2009-3563 CVE-2009-4355\n CVE-2009-2409 CVE-2009-0590 CVE-2009-1377\n CVE-2009-1378 CVE-2009-1379 CVE-2009-1386\n CVE-2009-1387 CVE-2009-4212 CVE-2009-1384\n CVE-2010-0097 CVE-2010-0290 CVE-2009-3736\n CVE-2010-0001 CVE-2010-0426 CVE-2010-0427\n CVE-2010-0382\n- ------------------------------------------------------------------------\n\n1. Summary\n\n ESXi update for ntp and ESX Console OS (COS) updates for COS\n kernel, openssl, krb5, gcc, bind, gzip, sudo. \n\n2. Relevant releases\n\n VMware ESX 4.0.0 without patches ESX400-201005401-SG,\n ESX400-201005406-SG, ESX400-201005408-SG, ESX400-201005407-SG,\n ESX400-201005405-SG, ESX400-201005409-SG\n\n3. Problem Description\n\n a. Service Console update for COS kernel\n\n Updated COS package \"kernel\" addresses the security issues that are\n fixed through versions 2.6.18-164.11.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228,\n CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues\n fixed in kernel 2.6.18-164.6.1\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621,\n CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1. \n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537,\n CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1\n\n The Common Vulnerabilities and Exposures project (cve.mitre.org)\n has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080,\n CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020,\n CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to\n the security issues fixed in kernel 2.6.18-164.11.1. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-201005401-SG\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n ESX 2.5.5 ESX not applicable\n\n vMA 4.0 RHEL5 affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n b. ESXi userworld update for ntp\n\n The Network Time Protocol (NTP) is used to synchronize the time of\n a computer client or server to another server or reference time\n source. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-3563 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi 4.0 ESXi ESXi400-201005401-SG\n ESXi 3.5 ESXi affected, patch pending\n\n ESX any ESX not applicable\n\n vMA any RHEL5 not applicable\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n c. Service Console package openssl updated to 0.9.8e-12.el5_4.1\n\n OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with\n full-strength cryptography world-wide. \n\n A memory leak in the zlib could allow a remote attacker to cause a\n denial of service (memory consumption) via vectors that trigger\n incorrect calls to the CRYPTO_cleanup_all_ex_data function. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-4355 to this issue. \n\n A vulnerability was discovered which may allow remote attackers to\n spoof certificates by using MD2 design flaws to generate a hash\n collision in less than brute-force time. NOTE: the scope of this\n issue is currently limited because the amount of computation\n required is still large. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-2409 to this issue. \n\n This update also includes security fixes that were first addressed\n in version openssl-0.9.8e-12.el5.i386.rpm. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378,\n CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-201005401-SG\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n ESX 2.5.5 ESX not applicable\n\n vMA 4.0 RHEL5 affected, patch pending**\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n ** see VMSA-2010-0004\n\n d. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to\n 2.2.14-15. \n\n Kerberos is a network authentication protocol. It is designed to\n provide strong authentication for client/server applications by\n using secret-key cryptography. \n\n Multiple integer underflows in the AES and RC4 functionality in the\n crypto library could allow remote attackers to cause a denial of\n service (daemon crash) or possibly execute arbitrary code by\n providing ciphertext with a length that is too short to be valid. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-4212 to this issue. \n\n The service console package for pam_krb5 is updated to version\n pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. In\n some non-default configurations (specifically, where pam_krb5 would\n be the first module to prompt for a password), a remote attacker\n could use this flaw to recognize valid usernames, which would aid a\n dictionary-based password guess attack. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-1384 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-201005406-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n e. Service Console package bind updated to 9.3.6-4.P1.el5_4.2\n\n BIND (Berkeley Internet Name Daemon) is by far the most widely used\n Domain Name System (DNS) software on the Internet. \n\n A vulnerability was discovered which could allow remote attacker to\n add the Authenticated Data (AD) flag to a forged NXDOMAIN response\n for an existing domain. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-0097 to this issue. \n\n A vulnerability was discovered which could allow remote attackers\n to conduct DNS cache poisoning attacks by receiving a recursive\n client query and sending a response that contains CNAME or DNAME\n records, which do not have the intended validation before caching. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-0290 to this issue. \n\n A vulnerability was found in the way that bind handles out-of-\n bailiwick data accompanying a secure response without re-fetching\n from the original source, which could allow remote attackers to\n have an unspecified impact via a crafted response. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-0382 to this issue. \n\n NOTE: ESX does not use the BIND name service daemon by default. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-201005408-SG\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n ESX 2.5.5 ESX not applicable\n\n vMA 4.0 RHEL5 affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n f. Service Console package gcc updated to 3.2.3-60\n\n The GNU Compiler Collection includes front ends for C, C++,\n Objective-C, Fortran, Java, and Ada, as well as libraries for these\n languages\n\n GNU Libtool\u0027s ltdl.c attempts to open .la library files in the\n current working directory. This could allow a local user to gain\n privileges via a Trojan horse file. The GNU C Compiler collection\n (gcc) provided in ESX contains a statically linked version of the\n vulnerable code, and is being replaced. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2009-3736 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not applicable\n\n ESX 4.0 ESX ESX400-201005407-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n g. Service Console package gzip update to 1.3.3-15.rhel3\n\n gzip is a software application used for file compression\n\n An integer underflow in gzip\u0027s unlzw function on 64-bit platforms\n may allow a remote attacker to trigger an array index error\n leading to a denial of service (application crash) or possibly\n execute arbitrary code via a crafted LZW compressed file. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-0001 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-201005405-SG\n ESX 3.5 ESX affected, patch pending\n ESX 3.0.3 ESX affected, patch pending\n ESX 2.5.5 ESX affected, patch pending\n\n vMA 4.0 RHEL5 affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n h. Service Console package sudo updated to 1.6.9p17-6.el5_4\n\n Sudo (su \"do\") allows a system administrator to delegate authority\n to give certain users (or groups of users) the ability to run some\n (or all) commands as root or another user while providing an audit\n trail of the commands and their arguments. \n\n When a pseudo-command is enabled, sudo permits a match between the\n name of the pseudo-command and the name of an executable file in an\n arbitrary directory, which allows local users to gain privileges\n via a crafted executable file. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-0426 to this issue. \n\n When the runas_default option is used, sudo does not properly set\n group memberships, which allows local users to gain privileges via\n a sudo command. \n\n The Common Vulnerabilities and Exposures Project (cve.mitre.org)\n has assigned the name CVE-2010-0427 to this issue. \n\n Column 4 of the following table lists the action required to\n remediate the vulnerability in each release, if a solution is\n available. \n\n VMware Product Running Replace with/\n Product Version on Apply Patch\n ============= ======== ======= =================\n VirtualCenter any Windows not affected\n\n hosted * any any not affected\n\n ESXi any ESXi not affected\n\n ESX 4.0 ESX ESX400-201005409-SG\n ESX 3.5 ESX not applicable\n ESX 3.0.3 ESX not applicable\n ESX 2.5.5 ESX not applicable\n\n vMA 4.0 RHEL5 affected, patch pending\n\n * hosted products are VMware Workstation, Player, ACE, Server, Fusion. \n\n4. Solution\n\n Please review the patch/release notes for your product and version\n and verify the md5sum of your downloaded file. \n\n ESX 4.0\n -------\n http://bit.ly/aqTCqn\n md5sum: ace37cd8d7c6388edcea2798ba8be939\n sha1sum: 8fe7312fe74a435e824d879d4f1ff33df25cee78\n http://kb.vmware.com/kb/1013127\n\n Note ESX400-201005001 contains the following security bulletins\n ESX400-201005404-SG (ntp), ESX400-201005405-SG (gzip),\n ESX400-201005408-SG (bind), ESX400-201005401-SG (kernel, openssl),\n ESX400-201005406-SG (krb5, pam_krb5), ESX400-201005402-SG (JRE),\n ESX400-201005403-SG (expat), ESX400-201005409-SG (sudo),\n ESX400-201005407-SG (gcc). \n\n5. References\n\n CVE numbers\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2695\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2908\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3228\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3286\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3547\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3613\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3612\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3621\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3726\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4567\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4536\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4537\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4538\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6304\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2910\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3080\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3556\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3889\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3939\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4020\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4021\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4138\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4141\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4272\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4355\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2409\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1386\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1387\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4212\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1384\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0097\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0290\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0001\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0427\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0382\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n2010-05-27 VMSA-2010-0009\nInitial security advisory after release of patch 06 bulletins for ESX\n4.0 on 2010-05-27\n\n- -----------------------------------------------------------------------\n7. Contact\n\nE-mail list for product security notifications and announcements:\nhttp://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\nThis Security Advisory is posted to the following lists:\n\n * security-announce at lists.vmware.com\n * bugtraq at securityfocus.com\n * full-disclosure at lists.grok.org.uk\n\nE-mail: security at vmware.com\nPGP key at: http://kb.vmware.com/kb/1055\n\nVMware Security Center\nhttp://www.vmware.com/security\n\nVMware security response policy\nhttp://www.vmware.com/support/policies/security_response.html\n\nGeneral support life cycle policy\nhttp://www.vmware.com/support/policies/eos.html\n\nVMware Infrastructure support life cycle policy\nhttp://www.vmware.com/support/policies/eos_vi.html\n\nCopyright 2010 VMware Inc. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.10 (MingW32)\n\niEYEARECAAYFAkv/V8IACgkQS2KysvBH1xnqNgCcCwwelsQK6DQjcTc2wnIPp0EW\nE70An2gfkiCQ5FNqvf3y+kNredxyVZwI\n=JW3s\n-----END PGP SIGNATURE-----\n. \nCorrected: 2010-01-06 21:45:30 UTC (RELENG_8, 8.0-STABLE)\n 2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2)\n 2010-01-06 21:45:30 UTC (RELENG_7, 7.2-STABLE)\n 2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6)\n 2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10)\n 2010-01-06 21:45:30 UTC (RELENG_6, 6.4-STABLE)\n 2010-01-06 21:45:30 UTC (RELENG_6_4, 6.4-RELEASE-p9)\n 2010-01-06 21:45:30 UTC (RELENG_6_3, 6.3-RELEASE-p15)\nCVE Name: CVE-2009-3563\n\nFor general information regarding FreeBSD Security Advisories,\nincluding descriptions of the fields above, security branches, and the\nfollowing sections, please visit \u003cURL:http://security.FreeBSD.org/\u003e. \n\nII. \n\nIII. \n\nIV. Workaround\n\nProper filtering of mode 7 NTP packets by a firewall can limit the\nnumber of systems used to attack your resources. Solution\n\nPerform one of the following:\n\n1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE,\nor to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or\nRELENG_6_3 security branch dated after the correction date. \n\n2) To patch your present system:\n\nThe following patches have been verified to apply to FreeBSD 6.3, 6.4,\n7.1, 7.2, and 8.0 systems. \n\na) Download the relevant patch from the location below, and verify the\ndetached PGP signature using your PGP utility. \n\n# fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch\n# fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch.asc\n\nb) Execute the following commands as root:\n\n# cd /usr/src\n# patch \u003c /path/to/patch\n# cd /usr/src/usr.sbin/ntp/ntpd\n# make obj \u0026\u0026 make depend \u0026\u0026 make \u0026\u0026 make install\n# /etc/rc.d/ntpd restart\n\nVI. Correction details\n\nThe following list contains the revision numbers of each file that was\ncorrected in FreeBSD. \n\nCVS:\n\nBranch Revision\n Path\n- -------------------------------------------------------------------------\nRELENG_6\n src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.2\nRELENG_6_4\n src/UPDATING 1.416.2.40.2.13\n src/sys/conf/newvers.sh 1.69.2.18.2.15\n src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.1.2.1\nRELENG_6_3\n src/UPDATING 1.416.2.37.2.20\n src/sys/conf/newvers.sh 1.69.2.15.2.19\n src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.20.1\nRELENG_7\n src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.2\nRELENG_7_2\n src/UPDATING 1.507.2.23.2.9\n src/sys/conf/newvers.sh 1.72.2.11.2.10\n src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.4.1\nRELENG_7_1\n src/UPDATING 1.507.2.13.2.13\n src/sys/conf/newvers.sh 1.72.2.9.2.14\n src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.2.1\nRELENG_8\n src/contrib/ntp/ntpd/ntp_request.c 1.2.2.1\nRELENG_8_0\n src/UPDATING 1.632.2.7.2.5\n src/sys/conf/newvers.sh 1.83.2.6.2.5\n src/contrib/ntp/ntpd/ntp_request.c 1.2.4.1\n- -------------------------------------------------------------------------\n\nSubversion:\n\nBranch/path Revision\n- -------------------------------------------------------------------------\nstable/6/ r201679\nreleng/6.4/ r201679\nreleng/6.3/ r201679\nstable/7/ r201679\nreleng/7.2/ r201679\nreleng/7.1/ r201679\nstable/8/ r201679\nreleng/8.0/ r201679\nhead/ r200576\n- -------------------------------------------------------------------------\n\nVII. \n\nRelease Date: 2011-03-28\nLast Updated: 2011-03-24\n\n ------------------------------------------------------------------------------\n\nPotential Security Impact: Remote Denial of Service (DoS)\n\nSource: Hewlett-Packard Company, HP Software Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified with HP-UX running XNTP. The vulnerability could be exploited remotely create a Denial of Service (DoS). \n\nReferences: CVE-2009-3563\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. \nHP-UX B.11.11, B.11.23, B.11.31 running XNTP. \n\nBACKGROUND\n\nCVSS 2.0 Base Metrics\n===========================================================\n Reference Base Vector Base Score\nCVE-2009-3563 (AV:N/AC:L/Au:N/C:N/I:P/A:P) 6.4\n===========================================================\n Information on CVSS is documented\n in HP Customer Notice: HPSN-2008-002\n\nRESOLUTION\n\nHP has provided the following patches to resolve this vulnerability. \nThe patches are available by contacting HP Support. \n\nhttp://itrc.hp.com\n\nHP-UX Release / Patch ID\n\nB.11.11 (11i v1) / PHNE_41907\n\nB.11.23 (11i v2) / PHNE_41908\n\nB.11.31 (11i v3) / PHNE_41177\n\nMANUAL ACTIONS: No\n\nPRODUCT SPECIFIC INFORMATION\n\nHP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see: https://www.hp.com/go/swa\n\nThe following text is for use by the HP-UX Software Assistant. \n\nAFFECTED VERSIONS\n\nHP-UX B.11.11\n==================\nInternetSrvcs.INETSVCS-BOOT\naction: install patch PHNE_41907 or subsequent\n\nHP-UX B.11.23\n==================\nInternetSrvcs.INETSVCS2-BOOT\naction: install patch PHNE_41908 or subsequent\n\nHP-UX B.11.31\n==================\nNTP.NTP-RUN\naction: install patch PHNE_41177 or subsequent\n\nEND AFFECTED VERSIONS\n\nHISTORY\nVersion:1 (rev.1) 28 March 2011 Initial release\n\nThird Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer\u0027s patch management policy. \n\nSupport: For further information, contact normal HP Services support channel. \n\nReport: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com\nIt is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information. \nTo get the security-alert PGP key, please send an e-mail message as follows:\n To: security-alert@hp.com\n Subject: get key\nSubscribe: To initiate a subscription to receive future HP Security Bulletins via Email:\nhttp://h30046.www3.hp.com/driverAlertProfile.php?regioncode=NA\u0026langcode=USENG\u0026jumpid=in_SC-GEN__driverITRC\u0026topiccode=ITRC\nOn the web page: ITRC security bulletins and patch sign-up\nUnder Step1: your ITRC security bulletins and patches\n -check ALL categories for which alerts are required and continue. \nUnder Step2: your ITRC operating systems\n -verify your operating system selections are checked and save. \n\nTo update an existing subscription: http://h30046.www3.hp.com/subSignIn.php\nLog in on the web page: Subscriber\u0027s choice for Business: sign-in. \nOn the web page: Subscriber\u0027s Choice: your profile summary - use Edit Profile to update appropriate sections. \n\nTo review previously published Security Bulletins visit: http://www.itrc.hp.com/service/cki/secBullArchive.do\n\n* The Software Product Category that this Security Bulletin\nrelates to is represented by the 5th and 6th characters\nof the Bulletin number in the title:\n\nGN = HP General SW\nMA = HP Management Agents\nMI = Misc. 3rd Party SW\nMP = HP MPE/iX\nNS = HP NonStop Servers\nOV = HP OpenVMS\nPI = HP Printing \u0026 Imaging\nST = HP Storage SW\nTL = HP Trusted Linux\nTU = HP Tru64 UNIX\nUX = HP-UX\nVV = HP VirtualVault\n\nSystem management and security procedures must be reviewed frequently to maintain system integrity. HP is continually reviewing and enhancing the security features of software products to provide customers with current secure solutions. \n\n\"HP is broadly distributing this Security Bulletin in order to bring to the attention of users of the affected HP products the important security information contained in this Bulletin. HP recommends that all users determine the applicability of this information to their individual situations and take appropriate action. HP does not warrant that this information is necessarily accurate or complete for all user situations and, consequently, HP will not be responsible for any damages resulting from user\u0027s use or disregard of the information provided in this Bulletin. To the extent permitted by law, HP disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose, title and non-infringement.\"\n\nCopyright 2009 Hewlett-Packard Development Company, L.P. \nHewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided \"as is\" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll NTP users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/ntp-4.2.4_p7-r1\"\n\nReferences\n==========\n\n [ 1 ] CVE-2009-3563\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201001-01.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. \n\nLicense\n=======\n\nCopyright 2010 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. \nThe upgrade is available by downloading from software.hp.com -\u003e HPUX 11i\nSoftware -\u003e Internet ready and networking -\u003e HP-UX Network Time Protocol\nversion 4 or directly from https://h20392.www2.hp.com/portal/swdepot/displayP\nroductInfo.do?productNumber=HPUX-NTP\nReview the Installation link at the bottom of the page. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hp.com", "sources": [ { "db": "NVD", "id": "CVE-2009-3563" }, { "db": "CERT/CC", "id": "VU#568372" }, { "db": "CERT/CC", "id": "VU#417980" }, { "db": "JVNDB", "id": "JVNDB-2009-002446" }, { "db": "BID", "id": "37255" }, { "db": "VULMON", "id": "CVE-2009-3563" }, { "db": "PACKETSTORM", "id": "83621" }, { "db": "PACKETSTORM", "id": "94512" }, { "db": "PACKETSTORM", "id": "83609" }, { "db": "PACKETSTORM", "id": "90046" }, { "db": "PACKETSTORM", "id": "84917" }, { "db": "PACKETSTORM", "id": "121645" }, { "db": "PACKETSTORM", "id": "99964" }, { "db": "PACKETSTORM", "id": "84704" }, { "db": "PACKETSTORM", "id": "121285" } ], "trust": 4.23 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2009-3563", "trust": 6.2 }, { "db": "CERT/CC", "id": "VU#568372", "trust": 3.7 }, { "db": "BID", "id": "37255", "trust": 2.8 }, { "db": "CERT/CC", "id": "VU#417980", "trust": 2.6 }, { "db": "SECTRACK", "id": "1023298", "trust": 2.5 }, { "db": "VUPEN", "id": "ADV-2010-0510", "trust": 1.9 }, { "db": "SECUNIA", "id": "38764", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2010-0528", "trust": 1.1 }, { "db": "VUPEN", "id": "ADV-2010-0993", "trust": 1.1 }, { "db": "SECUNIA", "id": "37922", "trust": 1.1 }, { "db": "SECUNIA", "id": "37629", "trust": 1.1 }, { "db": "SECUNIA", "id": "38832", "trust": 1.1 }, { "db": "SECUNIA", "id": "38834", "trust": 1.1 }, { "db": "SECUNIA", "id": "39593", "trust": 1.1 }, { "db": "SECUNIA", "id": "38794", "trust": 1.1 }, { "db": "JUNIPER", "id": "JSA10673", "trust": 1.1 }, { "db": "JUNIPER", "id": "JSA10691", "trust": 1.1 }, { "db": "JVN", "id": "JVNVU93188600", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2009-002446", "trust": 0.8 }, { "db": "FEDORA", "id": "FEDORA-2009-13090", "trust": 0.6 }, { "db": "FEDORA", "id": "FEDORA-2009-13121", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2010:0095", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2009:1651", "trust": 0.6 }, { "db": "REDHAT", "id": "RHSA-2009:1648", "trust": 0.6 }, { "db": "DEBIAN", "id": "DSA-1948", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200912-113", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2009-3563", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "83621", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "94512", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "83609", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121022", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "90046", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "84917", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121645", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99964", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "84704", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "121285", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#568372" }, { "db": "CERT/CC", "id": "VU#417980" }, { "db": "VULMON", "id": "CVE-2009-3563" }, { "db": "BID", "id": "37255" }, { "db": "JVNDB", "id": "JVNDB-2009-002446" }, { "db": "PACKETSTORM", "id": "83621" }, { "db": "PACKETSTORM", "id": "94512" }, { "db": "PACKETSTORM", "id": "83609" }, { "db": "PACKETSTORM", "id": "121022" }, { "db": "PACKETSTORM", "id": "90046" }, { "db": "PACKETSTORM", "id": "84917" }, { "db": "PACKETSTORM", "id": "121645" }, { "db": "PACKETSTORM", "id": "99964" }, { "db": "PACKETSTORM", "id": "84704" }, { "db": "PACKETSTORM", "id": "121285" }, { "db": "CNNVD", "id": "CNNVD-200912-113" }, { "db": "NVD", "id": "CVE-2009-3563" } ] }, "id": "VAR-200912-0769", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.425891594 }, "last_update_date": "2024-07-23T19:49:27.301000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "NV10-001 Fujitsu Fujitsu \u00a0 Security information", "trust": 0.8, "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026id=4958" }, { "title": "Debian CVElist Bug Report Logs: ntp: CVE-2009-3563 DoS through mode 7 packets", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=6af87915827741e9268f059d7932cd80" }, { "title": "Ubuntu Security Notice: ntp vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-867-1" }, { "title": "Debian Security Advisories: DSA-1948-1 ntp -- denial of service", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=dccc5b29483e1b8bed9fa984fc8c8c6e" }, { "title": "Cisco: Network Time Protocol Package Remote\u00a0Message Loop Denial of Service\u00a0Vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-20091208-cve-2009-3563" }, { "title": "Debian Security Advisories: DSA-1992-1 chrony -- several vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=0329811e8a24491e35ce229b8b52259d" }, { "title": "VMware Security Advisories: ESX Service Console and vMA third party updates", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=5f45ebecc93cf53cc0b45af03208cba6" }, { "title": "VMware Security Advisories: ESXi utilities and ESX Service Console third party updates", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=9ca0d654a28a118d1f99d0ae3b1753e8" } ], "sources": [ { "db": "VULMON", "id": "CVE-2009-3563" }, { "db": "JVNDB", "id": "JVNDB-2009-002446" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "design issues (CWE-DesignError) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2009-002446" }, { "db": "NVD", "id": "CVE-2009-3563" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.0, "url": "http://www.kb.cert.org/vuls/id/568372" }, { "trust": 2.5, "url": "http://security-tracker.debian.org/tracker/cve-2009-3563" }, { "trust": 2.5, "url": "http://securitytracker.com/id?1023298" }, { "trust": 2.5, "url": "http://www.securityfocus.com/bid/37255" }, { "trust": 2.3, "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331" }, { "trust": 1.9, "url": "http://www.vupen.com/english/advisories/2010/0510" }, { "trust": 1.9, "url": "http://secunia.com/advisories/38764" }, { "trust": 1.8, "url": "http://support.ntp.org/bin/view/main/securitynotice#dos_attack_from_certain_ntp_mode" }, { "trust": 1.8, "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074" }, { "trust": 1.7, "url": "https://rhn.redhat.com/errata/rhsa-2009-1651.html" }, { "trust": 1.7, "url": "http://www.kb.cert.org/vuls/id/mapg-7x7vd7" }, { "trust": 1.7, "url": "http://www.debian.org/security/2009/dsa-1948" }, { "trust": 1.7, "url": "https://rhn.redhat.com/errata/rhsa-2009-1648.html" }, { "trust": 1.7, "url": "http://www.kb.cert.org/vuls/id/mapg-7x7v6j" }, { "trust": 1.7, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00809.html" }, { "trust": 1.7, "url": "https://www.redhat.com/archives/fedora-package-announce/2009-december/msg00763.html" }, { "trust": 1.7, "url": "https://rhn.redhat.com/errata/rhsa-2010-0095.html" }, { "trust": 1.6, "url": "http://www.ubuntu.com/usn/usn-867-1" }, { "trust": 1.6, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=19540" }, { "trust": 1.4, "url": "http://support.avaya.com/css/p8/documents/100071808" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1iz71047" }, { "trust": 1.4, "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1iz68659" }, { "trust": 1.1, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-275590-1" }, { "trust": 1.1, "url": "https://lists.ntp.org/pipermail/announce/2009-december/000086.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37922" }, { "trust": 1.1, "url": "http://secunia.com/advisories/37629" }, { "trust": 1.1, "url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc" }, { "trust": 1.1, "url": "http://secunia.com/advisories/38794" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/0528" }, { "trust": 1.1, "url": "http://secunia.com/advisories/38832" }, { "trust": 1.1, "url": "http://secunia.com/advisories/38834" }, { "trust": 1.1, "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "trust": 1.1, "url": "ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2010-005.txt.asc" }, { "trust": 1.1, "url": "http://secunia.com/advisories/39593" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2010/0993" }, { "trust": 1.1, "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2" }, { "trust": 1.1, "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10691" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10673" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a7076" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a19376" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12141" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a11225" }, { "trust": 1.0, "url": "https://www.kb.cert.org/vuls/id/417980" }, { "trust": 0.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3563" }, { "trust": 0.8, "url": "http://tools.ietf.org/html/rfc2827" }, { "trust": 0.8, "url": "http://tools.ietf.org/html/rfc3704" }, { "trust": 0.8, "url": "http://www.ntp.org/downloads.html" }, { "trust": 0.8, "url": "http://bugs.gentoo.org/show_bug.cgi?id=290881" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnvu568372/" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu93188600/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3563" }, { "trust": 0.8, "url": "https://kb.cert.org/vuls/id/417980" }, { "trust": 0.4, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3563" }, { "trust": 0.3, "url": "http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_network_time" }, { "trust": 0.3, "url": "http://support.nortel.com/go/main.jsp?cscat=bltndetail\u0026id=985679" }, { "trust": 0.3, "url": "http://www.ntp.org/" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100073364" }, { "trust": 0.3, "url": "http://support.avaya.com/css/p8/documents/100071806" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0159" }, { "trust": 0.3, "url": "https://www.hp.com/go/swa" }, { "trust": 0.2, "url": "http://h30046.www3.hp.com/subsignin.php" }, { "trust": 0.2, "url": "http://www.itrc.hp.com/service/cki/secbullarchive.do" }, { "trust": 0.2, "url": "http://h30046.www3.hp.com/driveralertprofile.php?regioncode=na\u0026langcode=useng\u0026jumpid=in_sc-gen__driveritrc\u0026topiccode=itrc" }, { "trust": 0.2, "url": "https://h20392.www2.hp.com/portal/swdepot/displayp" }, { "trust": 0.2, "url": "http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/867-1/" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20091208-cve-2009-3563" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/security/advisories" }, { "trust": 0.1, "url": "http://www13.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001786-v51bb28-es-20100816" }, { "trust": 0.1, "url": "http://www.itrc.hp.com/service/patch/patchdetail.do?patchid=t64kit1001787-v51bb27-es-20100817" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-7ubuntu5.2_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p6+dfsg-1ubuntu5.1_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-6ubuntu2.4_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4.dsc" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.dsc" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a+stable-8.1ubuntu6.3_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.0a+stable-8.1ubuntu6.3_all.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable-8.1ubuntu6.3.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a+stable-8.1ubuntu6.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.diff.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.4p4+dfsg-3ubuntu2.3_all.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_sparc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-3ubuntu2.3_lpia.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-6ubuntu2.4_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a+stable.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-7ubuntu5.2_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_amd64.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a+stable-8.1ubuntu6.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3.diff.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_i386.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_i386.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p6+dfsg-1ubuntu5.1_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg.orig.tar.gz" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p4+dfsg-3ubuntu2.3_powerpc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg.orig.tar.gz" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1.dsc" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntp_4.2.4p6+dfsg-1ubuntu5.1_sparc.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.4p4+dfsg-7ubuntu5.2_amd64.deb" }, { "trust": 0.1, "url": "http://ports.ubuntu.com/pool/main/n/ntp/ntpdate_4.2.4p4+dfsg-6ubuntu2.4_lpia.deb" }, { "trust": 0.1, "url": "http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a+stable-8.1ubuntu6.3_powerpc.deb" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-0158" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1386" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3547" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3286" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3080" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2007-4567" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0001" }, { "trust": 0.1, "url": "http://bit.ly/aqtcqn" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4567" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2908" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1013127" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1377" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4536" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2409" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4536" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3620" }, { "trust": 0.1, "url": "http://www.vmware.com/security" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3228" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4021" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1387" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0427" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0426" }, { "trust": 0.1, "url": "http://kb.vmware.com/kb/1055" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2006-6304" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3939" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4020" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3736" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2695" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3556" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1378" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4538" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3621" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0097" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4537" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/security_response.html" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0290" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3547" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3286" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3612" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3613" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4138" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4272" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0382" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1384" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2695" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4355" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4141" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2908" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3613" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-0590" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4538" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3080" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3726" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6304" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2910" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3556" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3612" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1379" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4212" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-4537" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3889" }, { "trust": 0.1, "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2910" }, { "trust": 0.1, "url": "http://www.vmware.com/support/policies/eos_vi.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-3726" }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-10:02/ntpd.patch" }, { "trust": 0.1, "url": "http://security.freebsd.org/\u003e." }, { "trust": 0.1, "url": "http://security.freebsd.org/patches/sa-10:02/ntpd.patch.asc" }, { "trust": 0.1, "url": "http://security.freebsd.org/advisories/freebsd-sa-10:02.ntpd.asc" }, { "trust": 0.1, "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/" }, { "trust": 0.1, "url": "http://h20564.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "http://itrc.hp.com" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201001-01.xml" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/" }, { "trust": 0.1, "url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/" } ], "sources": [ { "db": "CERT/CC", "id": "VU#568372" }, { "db": "VULMON", "id": "CVE-2009-3563" }, { "db": "BID", "id": "37255" }, { "db": "JVNDB", "id": "JVNDB-2009-002446" }, { "db": "PACKETSTORM", "id": "83621" }, { "db": "PACKETSTORM", "id": "94512" }, { "db": "PACKETSTORM", "id": "83609" }, { "db": "PACKETSTORM", "id": "121022" }, { "db": "PACKETSTORM", "id": "90046" }, { "db": "PACKETSTORM", "id": "84917" }, { "db": "PACKETSTORM", "id": "121645" }, { "db": "PACKETSTORM", "id": "99964" }, { "db": "PACKETSTORM", "id": "84704" }, { "db": "PACKETSTORM", "id": "121285" }, { "db": "CNNVD", "id": "CNNVD-200912-113" }, { "db": "NVD", "id": "CVE-2009-3563" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#568372" }, { "db": "CERT/CC", "id": "VU#417980" }, { "db": "VULMON", "id": "CVE-2009-3563" }, { "db": "BID", "id": "37255" }, { "db": "JVNDB", "id": "JVNDB-2009-002446" }, { "db": "PACKETSTORM", "id": "83621" }, { "db": "PACKETSTORM", "id": "94512" }, { "db": "PACKETSTORM", "id": "83609" }, { "db": "PACKETSTORM", "id": "121022" }, { "db": "PACKETSTORM", "id": "90046" }, { "db": "PACKETSTORM", "id": "84917" }, { "db": "PACKETSTORM", "id": "121645" }, { "db": "PACKETSTORM", "id": "99964" }, { "db": "PACKETSTORM", "id": "84704" }, { "db": "PACKETSTORM", "id": "121285" }, { "db": "CNNVD", "id": "CNNVD-200912-113" }, { "db": "NVD", "id": "CVE-2009-3563" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-12-08T00:00:00", "db": "CERT/CC", "id": "VU#568372" }, { "date": "2024-03-19T00:00:00", "db": "CERT/CC", "id": "VU#417980" }, { "date": "2009-12-09T00:00:00", "db": "VULMON", "id": "CVE-2009-3563" }, { "date": "2009-12-08T00:00:00", "db": "BID", "id": "37255" }, { "date": "2010-01-25T00:00:00", "db": "JVNDB", "id": "JVNDB-2009-002446" }, { "date": "2009-12-10T15:41:54", "db": "PACKETSTORM", "id": "83621" }, { "date": "2010-10-05T21:10:50", "db": "PACKETSTORM", "id": "94512" }, { "date": "2009-12-09T00:21:25", "db": "PACKETSTORM", "id": "83609" }, { "date": "2013-03-30T12:12:00", "db": "PACKETSTORM", "id": "121022" }, { "date": "2010-05-28T20:14:56", "db": "PACKETSTORM", "id": "90046" }, { "date": "2010-01-07T19:01:14", "db": "PACKETSTORM", "id": "84917" }, { "date": "2013-05-15T16:22:00", "db": "PACKETSTORM", "id": "121645" }, { "date": "2011-04-01T21:06:48", "db": "PACKETSTORM", "id": "99964" }, { "date": "2010-01-04T02:50:23", "db": "PACKETSTORM", "id": "84704" }, { "date": "2013-04-12T00:36:17", "db": "PACKETSTORM", "id": "121285" }, { "date": "2009-12-09T00:00:00", "db": "CNNVD", "id": "CNNVD-200912-113" }, { "date": "2009-12-09T18:30:00.390000", "db": "NVD", "id": "CVE-2009-3563" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-07-22T00:00:00", "db": "CERT/CC", "id": "VU#568372" }, { "date": "2024-03-20T00:00:00", "db": "CERT/CC", "id": "VU#417980" }, { "date": "2017-09-19T00:00:00", "db": "VULMON", "id": "CVE-2009-3563" }, { "date": "2015-05-12T19:46:00", "db": "BID", "id": "37255" }, { "date": "2024-03-22T04:19:00", "db": "JVNDB", "id": "JVNDB-2009-002446" }, { "date": "2009-12-10T00:00:00", "db": "CNNVD", "id": "CNNVD-200912-113" }, { "date": "2024-03-19T21:15:07.173000", "db": "NVD", "id": "CVE-2009-3563" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "83621" }, { "db": "PACKETSTORM", "id": "83609" }, { "db": "CNNVD", "id": "CNNVD-200912-113" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "NTP mode 7 denial-of-service vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#568372" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "design error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200912-113" } ], "trust": 0.6 } }
ghsa-gm22-x89c-4h54
Vulnerability from github
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
{ "affected": [], "aliases": [ "CVE-2009-3563" ], "database_specific": { "cwe_ids": [], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2009-12-09T18:30:00Z", "severity": "MODERATE" }, "details": "ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.", "id": "GHSA-gm22-x89c-4h54", "modified": "2022-05-03T03:20:29Z", "published": "2022-05-03T03:20:29Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3563" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=531213" }, { "type": "WEB", "url": "https://lists.ntp.org/pipermail/announce/2009-December/000086.html" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11225" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12141" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19376" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7076" }, { "type": "WEB", "url": "https://rhn.redhat.com/errata/RHSA-2009-1648.html" }, { "type": "WEB", "url": "https://rhn.redhat.com/errata/RHSA-2009-1651.html" }, { "type": "WEB", "url": "https://rhn.redhat.com/errata/RHSA-2010-0095.html" }, { "type": "WEB", "url": "https://support.ntp.org/bugs/show_bug.cgi?id=1331" }, { "type": "WEB", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00763.html" }, { "type": "WEB", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00809.html" }, { "type": "WEB", "url": "http://aix.software.ibm.com/aix/efixes/security/xntpd_advisory.asc" }, { "type": "WEB", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560074" }, { "type": "WEB", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "type": "WEB", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10691" }, { "type": "WEB", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=130168580504508\u0026w=2" }, { "type": "WEB", "url": "http://marc.info/?l=bugtraq\u0026m=136482797910018\u0026w=2" }, { "type": "WEB", "url": "http://secunia.com/advisories/37629" }, { "type": "WEB", "url": "http://secunia.com/advisories/37922" }, { "type": "WEB", "url": "http://secunia.com/advisories/38764" }, { "type": "WEB", "url": "http://secunia.com/advisories/38794" }, { "type": "WEB", "url": "http://secunia.com/advisories/38832" }, { "type": "WEB", "url": "http://secunia.com/advisories/38834" }, { "type": "WEB", "url": "http://secunia.com/advisories/39593" }, { "type": "WEB", "url": "http://security-tracker.debian.org/tracker/CVE-2009-3563" }, { "type": "WEB", "url": "http://securitytracker.com/id?1023298" }, { "type": "WEB", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021781.1-1" }, { "type": "WEB", "url": "http://support.avaya.com/css/P8/documents/100071808" }, { "type": "WEB", "url": "http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode" }, { "type": "WEB", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ68659" }, { "type": "WEB", "url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IZ71047" }, { "type": "WEB", "url": "http://www.debian.org/security/2009/dsa-1948" }, { "type": "WEB", "url": "http://www.kb.cert.org/vuls/id/568372" }, { "type": "WEB", "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7V6J" }, { "type": "WEB", "url": "http://www.kb.cert.org/vuls/id/MAPG-7X7VD7" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/37255" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/0510" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/0528" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2010/0993" } ], "schema_version": "1.4.0", "severity": [] }
wid-sec-w-2024-0672
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Das User Datagram Protocol (UDP) ist ein einfaches, verbindungsloses Protokoll, das in vielen internetbasierten Anwendungen verwendet wird.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in UDP-basierten Protokollimplementierungen ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0672 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0672.json" }, { "category": "self", "summary": "WID-SEC-2024-0672 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0672" }, { "category": "external", "summary": "CERT Coordination Center vom 2024-03-19", "url": "https://kb.cert.org/vuls/id/417980" } ], "source_lang": "en-US", "title": "UDP-basierte Protokollimplementierungen: Mehrere Schwachstellen erm\u00f6glichen Denial of Service", "tracking": { "current_release_date": "2024-03-19T23:00:00.000+00:00", "generator": { "date": "2024-03-20T12:35:54.545+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0672", "initial_release_date": "2024-03-19T23:00:00.000+00:00", "revision_history": [ { "date": "2024-03-19T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Open Source ntp", "product": { "name": "Open Source ntp", "product_id": "T033573", "product_identification_helper": { "cpe": "cpe:/a:ntp:ntp:-" } } } ], "category": "vendor", "name": "Open Source" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-2169", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in bestimmten Implementierungen von UDP-basierten Anwendungsprotokollen. Bestimmte Anwendungen k\u00f6nnen dazu gebracht werden, eine Netzwerkschleife mit scheinbar endlosen Paketen zu erzeugen. Softwareimplementierungen UDP-basierter Anwendungsprotokolle wie z.B. DNS, NTP, TFTP, Echo (RFC862), Chargen (RFC864) und QOTD (RFC865) sind von diesem Problem betroffen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle durch das Senden malizi\u00f6ser Pakete ausnutzen, um einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "T033573" ] }, "release_date": "2024-03-19T23:00:00Z", "title": "CVE-2024-2169" }, { "cve": "CVE-2024-1309", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in bestimmten Implementierungen von UDP-basierten Anwendungsprotokollen. Bestimmte Anwendungen k\u00f6nnen dazu gebracht werden, eine Netzwerkschleife mit scheinbar endlosen Paketen zu erzeugen. Softwareimplementierungen UDP-basierter Anwendungsprotokolle wie z.B. DNS, NTP, TFTP, Echo (RFC862), Chargen (RFC864) und QOTD (RFC865) sind von diesem Problem betroffen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle durch das Senden malizi\u00f6ser Pakete ausnutzen, um einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "T033573" ] }, "release_date": "2024-03-19T23:00:00Z", "title": "CVE-2024-1309" }, { "cve": "CVE-2009-3563", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in bestimmten Implementierungen von UDP-basierten Anwendungsprotokollen. Bestimmte Anwendungen k\u00f6nnen dazu gebracht werden, eine Netzwerkschleife mit scheinbar endlosen Paketen zu erzeugen. Softwareimplementierungen UDP-basierter Anwendungsprotokolle wie z.B. DNS, NTP, TFTP, Echo (RFC862), Chargen (RFC864) und QOTD (RFC865) sind von diesem Problem betroffen. Ein entfernter, anonymer Angreifer kann diese Schwachstelle durch das Senden malizi\u00f6ser Pakete ausnutzen, um einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "T033573" ] }, "release_date": "2024-03-19T23:00:00Z", "title": "CVE-2009-3563" } ] }
wid-sec-w-2023-1747
Vulnerability from csaf_certbund
Notes
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Ein Switch ist ein aktives Netzwerkger\u00e4t, das Datenpakete auf dem Data Link Layer (Layer 2) des OSI-Modells weiterleitet.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Moxa Switch ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Sonstiges", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-1747 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1747.json" }, { "category": "self", "summary": "WID-SEC-2023-1747 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1747" }, { "category": "external", "summary": "Moxa Security Advisories - MPSA-230307 vom 2023-07-13", "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-230307-multiple-switch-series-affected-by-ntp-denial-of-service-vulnerability" } ], "source_lang": "en-US", "title": "Moxa Switch: Schwachstelle erm\u00f6glicht Denial of Service", "tracking": { "current_release_date": "2023-07-13T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:36:33.131+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-1747", "initial_release_date": "2023-07-13T22:00:00.000+00:00", "revision_history": [ { "date": "2023-07-13T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Moxa Switch PT-G7828 Series \u003c= 6.2", "product": { "name": "Moxa Switch PT-G7828 Series \u003c= 6.2", "product_id": "T028613", "product_identification_helper": { "cpe": "cpe:/h:moxa:switch:6.2::pt-g7828_series" } } }, { "category": "product_name", "name": "Moxa Switch PT-7828 Series \u003c= 3.9", "product": { "name": "Moxa Switch PT-7828 Series \u003c= 3.9", "product_id": "T028618", "product_identification_helper": { "cpe": "cpe:/h:moxa:switch:3.9::pt-7828_series" } } }, { "category": "product_name", "name": "Moxa Switch MDS-G4012 \u003c= 1.2", "product": { "name": "Moxa Switch MDS-G4012 \u003c= 1.2", "product_id": "T028620", "product_identification_helper": { "cpe": "cpe:/h:moxa:switch:1.2::mds-g4012_series" } } }, { "category": "product_name", "name": "Moxa Switch PT-7728 Series \u003c= 3.8", "product": { "name": "Moxa Switch PT-7728 Series \u003c= 3.8", "product_id": "T028622", "product_identification_helper": { "cpe": "cpe:/h:moxa:switch:3.8::pt-7728_series" } } }, { "category": "product_name", "name": "Moxa Switch PT-508 Series \u003c= 3.8", "product": { "name": "Moxa Switch PT-508 Series \u003c= 3.8", "product_id": "T028626", "product_identification_helper": { "cpe": "cpe:/h:moxa:switch:pt-508_series__3.8" } } } ], "category": "product_name", "name": "Switch" } ], "category": "vendor", "name": "Moxa" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-3563", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in mehreren Moxa Switches. Der Fehler besteht aufgrund einer unkontrollierten Rekursion, die zu einem \u00fcberm\u00e4\u00dfigen CPU- und Protokollverbrauch f\u00fchrt. Ein entfernter, nicht authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial-of-Service-Zustand zu verursachen." } ], "product_status": { "known_affected": [ "T028618", "T028626", "T028613", "T028622", "T028620" ] }, "release_date": "2023-07-13T22:00:00Z", "title": "CVE-2009-3563" } ] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.